Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including a critical HTTP Protocol Stack Remote Code Execution vulnerability tracked as CVE-2021-31166. The flaw could be exploited by an unauthenticated attacker by sending a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
This stack is used by the Windows built-in IIS server, which means that it could be easily exploited if the server is enabled. The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2.
The security researcher Axel Souchet has published over the weekend a proof-of-concept exploit code for the wormable flaw that impacted Windows IIS.
The PoC exploit code allows to crash an unpatched Windows system running an IIS server, it does not implement worming capabilities. Anyway, attackers could start triggering the vulnerability in the wild, the PoC code could be improved to be actively exploited.
Now, the security researcher Jim DeVries reported that the issue also impacts Windows 10 and Server devices running the Windows Remote Management (WinRM) service. a component of the Windows Hardware Management feature set which also makes use of the vulnerable HTTP.sys.
Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate.
The WinRM service is enabled by default on Windows servers running versions 2004 or 20H2 for this reason it only poses a serious risk to corporate environments, DeVries explained to BleepingComputer.
At the time of this writing, querying the Shodan search engine we can found more than 1,6 million Windows systems running the WinRM service are exposed online, and those which runs versions 2004 and 20H2 are vulnerable to CVE-2021-31166 exploit.
(SecurityAffairs – hacking, CVE-2021-31166)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.