Exploit code released puts Windows 10 20H2 and Windows Server 20H2 at risk

According to Bleeping Computer, the vulnerability CVE-2021-3166 was first discovered in the HTTP Protocol Stack (HTTP.sys), which the Windows Internet Information Services (IIS) web server uses as its protocol handler for HTTP requests.

To exploit this vulnerability, an attacker would have to send a specially crafted packet to a server that still uses the vulnerable HTTP Protocol Stack to process packets. Microsoft patched the vulnerability as part of its recent Patch Tuesday update, and it only affects Windows 10 20H2 and Windows Server 20H2.

Because this bug could allow an unauthenticated attacker to remotely execute arbitrary code, Microsoft recommends that organizations patch all affected servers as soon as possible.

Security researcher Alex Souchet has released a PoC, which lacks auto-spreading, to show how an attacker can leverage CVE-2021-3166 to carry out attacks on Windows 10 systems and servers.

A critical security vulnerability was found in the latest versions of Windows 10 and Windows Server.

By abusing the use-after-free vulnerability in HTTP.sys, Souchet’s exploit could trigger a denial of service (DoS) attack leading to a blue screen of death (BSoD) on vulnerable systems.

While the release of a PoC exploit for this vulnerability might make it easier for cybercriminals to develop their own exploits, Microsoft has already patched the vulnerability and released the fix in a Windows 10 update, which means most systems are safe from attacks.

However, if you haven’t installed the latest Windows 10 update from Microsoft, now is the time to do so to avoid falling victim to any potential attacks that take advantage of this vulnerability.
