Windows 10 security targeted via new critical vulnerability
Wormable vulnerability already patched by Microsoft
A security researcher has released proof-of-concept exploit code for a critical wormable vulnerability found in the latest versions of Windows 10 and Windows server.
The vulnerability, tracked as CVE-2021-3166, was first discovered in the HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server as a protocol listener for processing HTTP requests, according to BleepingComputer.
In order to exploit this vulnerability though, an attacker would have to send a specially crafted packet to servers still using the vulnerable HTTP Protocol Stack to process packets. Thankfully though, Microsoft recently patched the flaw as part of its recent Patch Tuesday updates and the vulnerability only affects Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.
- We've built a list of the best endpoint protection software
- These are the best firewalls on the market
- Also check out our roundup of the best Windows 10 VPN
As this bug could allow an unauthenticated attacker to remotely execute arbitrary code, Microsoft strongly recommends that organizations patch all affected servers as soon as possible.
Proof-of-concept exploit code
Security researcher Alex Souchet has released proof-of-concept (PoC) exploit code which lacks auto-spreading capabilities to show how a threat actor could leverage CVE-2021-3166 to launch attacks on vulnerable Windows 10 systems and servers.
By abusing a use-after-free dereference in HTTP.sys, Souchet's exploit is able to trigger a denial of service (DoS) that then leads to a blue screen of death (BSoD) on vulnerable systems. He provided further details on how his exploit works in a new post on GitHub, saying:
“The bug itself happens in http!UlpParseContentCoding where the function has a local LIST_ENTRY and appends item to it. When it's done, it moves it into the Request structure; but it doesn't NULL out the local list. The issue with that is that an attacker can trigger a code-path that frees every entries of the local list leaving them dangling in the Request object.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Although releasing a PoC exploit for this vulnerability could make it easier for cybercriminals to develop their own exploits, the fact that this vulnerability has already been patched by Microsoft and rolled out in the latest round of Windows 10 updates means that most systems are likely safe from attacks.
However, if you haven't installed the latest Windows 10 updates from Microsoft yet, now is the time to do so to prevent falling victim to any potential attacks leveraging this vulnerability.
- We've also highlighted the best antivirus
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.