Microsoft has patched a critical vulnerability in the latest Windows 10 home and server versions, leading to remote code execution attacks if exploited. The vulnerability is specific to the HTTP Protocol Stack in Information Services (IIS) web server, which is used to process HTTP requests. Also, a demo proof-of-concept code for this was released by a security researcher.
HTTP Vulnerability in Windows 10
Remote code execution is an exploit where an attacker exploits a known vulnerability in the software and executes arbitrary code for running malicious tasks in the victim’s computer. This is often remedied by pushing software patches by the vendors, and it’s users’ duty to apply them whenever made available.
Microsoft released one such patch in this month’s Windows 10 cumulative update, which secures the HTTP vulnerability (tracked as CVE-2021-31166 ) affecting Windows 10 2004/20H2 and Windows Server versions 2004/20H2. Researchers said this vulnerability could allow an attacker to process a remote code execution if exploited.
The issue especially pertains to HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server, which processes the HTTP requests by being a protocol listener. After Microsoft released a patch for this, Axel Souchet , a security researcher, released a demo proof-of-concept code for this vulnerability that cannot spread automatically among the connected systems.
I’ve built a PoC for CVE-2021-31166 the “HTTP Protocol Stack Remote Code Execution Vulnerability”: https://t.co/8mqLCByvCp ???????? pic.twitter.com/yzgUs2CQO5 — Axel Souchet (@0vercl0k) May 16, 2021
