⚠ Actively exploited

Added to CISA KEV on 2022-04-06. Federal agencies required to patch by 2022-04-27. Required action: Apply updates per vendor instructions..

CVE-2021-31166

CWE-416 — Use After Free13 documents11 sources

Severity

9.8CRITICAL

EPSS

93.0%

top 0.22%

CISA KEV

KEV

Added 2022-04-06

Due 2022-04-27

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 2004 Microsoft Windows 10 Version 20h2 Microsoft Windows Server Version 2004 +5 more

Timeline

PublishedMay 11

KEV addedApr 6

KEV dueApr 27

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDmicrosoft/windows< 10.0.19041.982+1

▶NVDmicrosoft/windows_10_2004< 10.0.19041.982

▶NVDmicrosoft/windows_10_20h2< 10.0.19042.982

▶CVEListV5microsoft/windows_10_version_200410.0.0 — 10.0.19041.982

▶CVEListV5microsoft/windows_10_version_20h210.0.0 — 10.0.19042.982

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3mj9-c62w-jw5w: HTTP Protocol Stack Remote Code Execution Vulnerability↗2022-05-24

▶

CVEList

HTTP Protocol Stack Remote Code Execution Vulnerability↗2021-05-11

▶

VulnCheck

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability↗2021

▶

💥Exploits & PoCs

Metasploit

Windows IIS HTTP Protocol Stack DOS↗

▶

🔍Detection Rules

Suricata

ET EXPLOIT Windows HTTP Protocol Stack UAF/RCE (CVE-2021-31166), http.sys DOS (CVE-2022-21907) Inbound↗2021-05-17

▶

📋Vendor Advisories

CISA

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability↗2022-04-06

▶

Microsoft

HTTP Protocol Stack Remote Code Execution Vulnerability↗2021-05-11

▶