PoC exploit code released for Windows wormable RCE (CVE-2021-31166)

PoC exploit code released for Windows wormable RCE (CVE-2021-31166)

A security researcher has published proof-of-concept (PoC) exploit code for a Windows HTTP protocol stack remote code execution (RCE) vulnerability CVE-2021-31166.

Axel Souchet who goes by the handle “0vercl0k” posted the new PoC code to GitHub and also referred to a tweet by Microsoft’s Justin Campbell that the vulnerability had been found by @_mxms and @fzzyhd1:

Souchet sent out another tweet confirming the PoC:

Microsoft patch updates

Microsoft patched the Critical vulnerability CVE-2021-31166 (CVSS base score of 9.8) in May 2021 as part of its monthly security updates.

“In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets,” Microsoft stated in the advisory.

Moreover, the tech giant also warned the vulnerability is wormable and the patch should be prioritized on affected servers.

As part of the May security updates, Microsoft patched 55 vulnerabilities, 4 of those rated Critical and 3 zero-day flaws.

Related Articles