Posted on Leave a comment

Exploit code released for Wormable IIS Remote code execution vulnerability.

Important: Exploit code POC released for Wormable vulnerability in IIS Servers. HTTP Protocol Stack Remote Code Execution Vulnerability(CVE-2021-31166) Patch your systems ASAP.

Security researchers from Microsoft has identified a critical vulnerability on IIS servers with the remote code execution capabilities . The CVSS score of 9.8 was assigned to highlight its criticality and the ease for exploitation. Luckily, Microsoft has released the patches for this vulnerability(CVE-2021-31166) as a part of patch Tuesday program on May 11.

Recently a researcher has released a working POC which can exploit this vulnerability which may lead to remote code execution with kernel privileges or Denial of service.

Additionally, Researcher has also posted “The bug itself happens in¬†http!UlpParseContentCoding¬†where the function has a local¬†LIST_ENTRY¬†and appends item to it. When it’s done, it moves it into the¬†Request¬†structure; but it doesn’t¬†NULL¬†out the local list. The issue with that is that an attacker can trigger a code-path that frees every entries of the local list leaving them dangling in the¬†Request¬†object.”

Microsoft has advised the customers to include this on priority patching list as its really easy to exploit and additionally stated “In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.”

‚ÄďFor more Cyber security news in crisp content . Please follow our site

Leave a Reply