Wormable Windows HTTP vulnerability also affects WinRM servers


Level 21
Malware Tester
Feb 25, 2017
A wormable vulnerability in the HTTP Protocol Stack of the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.
Microsoft already patched the critical bug tracked as CVE-2021-31166 during the May Patch Tuesday.
Luckily, although it can be abused by threat in remote code execution (RCE) attacks, the vulnerability ONLY impacts versions 2004 and 20H2 of Windows 10 and Windows Server.
Microsoft recommended prioritizing patching all affected servers because the vulnerability could allow unauthenticated attackers to execute arbitrary code remotely "in most situations" on vulnerable computers.
Adding to this, over the weekend, security researcher Axel Souchet has published proof-of-concept exploit code that can be used to crash unpatched systems using maliciously crafted packets by triggering blue screens of death.