Wormable Windows HTTP vulnerability also affects WinRM servers

Kongo

A wormable vulnerability in the HTTP Protocol Stack of the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.
Microsoft already patched the critical bug tracked as CVE-2021-31166 during the May Patch Tuesday.
Luckily, although it can be abused by threat actors in remote code execution (RCE) attacks, the vulnerability ONLY impacts versions 2004 and 20H2 of Windows 10 and Windows Server.
Microsoft recommended prioritizing patching all affected servers because the vulnerability could allow unauthenticated attackers to execute arbitrary code remotely "in most situations" on vulnerable computers.
Adding to this, over the weekend, security researcher Axel Souchet published proof-of-concept exploit code that can be used to crash unpatched systems using maliciously crafted packets by triggering blue screens of death.

 
