Microsoft has patched a critical vulnerability in the latest Windows 10 home and server versions, leading to remote code execution attacks if exploited. The vulnerability is specific to the HTTP Protocol Stack in Information Services (IIS) web server, which is used to process HTTP requests. Also, a demo proof-of-concept code for this was released by a security researcher.
HTTP Vulnerability in Windows 10
Remote code execution is an exploit where an attacker exploits a known vulnerability in the software and executes arbitrary code for running malicious tasks in the victim’s computer. This is often remedied by pushing software patches by the vendors, and it’s users’ duty to apply them whenever made available.
Microsoft released one such patch in this month’s Windows 10 cumulative update, which secures the HTTP vulnerability (tracked as CVE-2021-31166) affecting Windows 10 2004/20H2 and Windows Server versions 2004/20H2. Researchers said this vulnerability could allow an attacker to process a remote code execution if exploited.
The issue especially pertains to HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server, which processes the HTTP requests by being a protocol listener. After Microsoft released a patch for this, Axel Souchet, a security researcher, released a demo proof-of-concept code for this vulnerability that cannot spread automatically among the connected systems.
I've built a PoC for CVE-2021-31166 the "HTTP Protocol Stack Remote Code Execution Vulnerability": https://t.co/8mqLCByvCp 🔥🔥 pic.twitter.com/yzgUs2CQO5
— Axel Souchet (@0vercl0k) May 16, 2021
While the threat itself is limited to one computer, it can blank out the system to go Blue Screen of Death (BSOD) if exploited. He explained that as,
“When it’s done, it moves it into the Request structure; but it doesn’t NULL out the local list. The issue with that is that an attacker can trigger a code-path that frees every entries of the local list leaving them dangling in the Request object.“
As it’s critical enough and can be exploited with the demo PoC codes in the wild, Microsoft strongly recommends users update their Windows 10 systems to the latest version being pushed to safeguard themselves.