Important: Exploit code POC released for Wormable vulnerability in IIS Servers. HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2021-31166) Patch your systems ASAP.Tweet
Security researchers from Microsoft has identified a critical vulnerability on IIS servers with the remote code execution capabilities . The CVSS score of 9.8 was assigned to highlight its criticality and the ease for exploitation. Luckily, Microsoft has released the patches for this vulnerability(CVE-2021-31166) as a part of patch Tuesday program on May 11.
Recently a researcher has released a working POC which can exploit this vulnerability which may lead to remote code execution with kernel privileges or Denial of service.
Additionally, Researcher has also posted “The bug itself happens in
http!UlpParseContentCoding where the function has a local
LIST_ENTRY and appends item to it. When it’s done, it moves it into the
Request structure; but it doesn’t
NULL out the local list. The issue with that is that an attacker can trigger a code-path that frees every entries of the local list leaving them dangling in the
Microsoft has advised the customers to include this on priority patching list as its really easy to exploit and additionally stated “In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.”
–For more Cyber security news in crisp content . Please follow our site