Exploit code released puts Windows 10 20H2 and Windows Server 20H2 at risk
Vulnerability CVE-2021-3166 was first discovered in the HTTP Protocol Stack (HTTP.sys), which the Windows Internet Information Services (IIS) web server uses as its protocol handler for HTTP requests.
To exploit this vulnerability, an attacker would have to send a special packet to servers that still use the vulnerable HTTP Protocol Stack to process packets. Microsoft patched this vulnerability as part of its recent Patch Tuesday update, and the vulnerability only affects Windows 10 20H2 and Windows Server 20H2.
Because this bug could allow an unauthenticated attacker to remotely execute arbitrary code, Microsoft recommends that organizations patch all affected servers as soon as possible.
Security researcher Alex Souchet has released a PoC that lacks auto-spreading to show how an attacker can leverage CVE-2021-3166 to carry out attacks on vulnerable Windows 10 systems and servers.
By abusing the use-after-free vulnerability in HTTP.sys, Souchet's exploit could trigger a denial of service (DoS) attack leading to a blue screen of death (BSoD) on vulnerable systems.
While releasing a PoC exploit for this vulnerability may make it easier for cybercriminals to develop their own exploits, the vulnerability was patched by Microsoft in a Windows 10 update, which means most systems are safe from attacks.
However, if you haven't installed the latest Windows 10 update from Microsoft, now is the time to do so to avoid falling victim to any potential attacks that take advantage of this vulnerability.