Warning: PoC disclosed for the HTTP protocol stack remote code execution vulnerability (CVE-2021-31166)

1. Overview

Microsoft released its May security update on May 12. It includes a fix for the HTTP protocol stack remote code execution vulnerability (CVE-2021-31166). The vulnerability exists in the HTTP protocol stack driver module (http.sys), and attackers can exploit it remotely by sending specially crafted packets to the target host. Successful exploitation may crash the target system or lead to remote code execution (the latter is difficult). The PoC (proof-of-concept code) for this vulnerability has been made public on the Internet, and the risk of exploitation is increasing. Affected users are advised to fix the vulnerability promptly.


2. Vulnerability description

Hypertext Transfer Protocol (HTTP) is an application-layer protocol used to transfer hypermedia documents (such as HTML). It is designed for communication between a web browser and a web server. The HTTP protocol stack on Windows is used by web servers on Windows, such as IIS. If components of the protocol stack contain vulnerabilities, malicious code may be executed remotely. Analysis shows that CVE-2021-31166 can reliably trigger a BSoD (Blue Screen of Death, the blue error screen that the Microsoft Windows operating system displays when it cannot recover from a system error). Microsoft has officially marked the vulnerability as Wormable and Exploitation More Likely, which means that it is highly likely to be exploited and that malicious attackers may use it to create worm attacks.

3. Affected versions

Windows Server, version 20H2 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

4. Security recommendations

Microsoft fixed the vulnerability in the monthly security update released on May 12.

Users can also manually download and install the patch through the following link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166
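
A triage sketch for the affected versions and fix date above, added here as an example and not part of the original advisory: it reads an inventory export and flags hosts on a listed release whose last recorded update predates May 12, 2021. The CSV columns, host names and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Affected releases as listed in section 3 of the advisory.
AFFECTED_PRODUCTS = ("Windows 10", "Windows Server")
AFFECTED_VERSIONS = {"2004", "20H2"}
FIX_RELEASED = date(2021, 5, 12)  # date of the May security update

# Constructed inventory export; columns and hosts are assumptions.
SAMPLE_INVENTORY = """host,product,version,last_update
web01,Windows Server,20H2,2021-04-14
web02,Windows Server,2004,2021-05-20
app01,Windows Server 2019,1809,2021-03-10
pc-114,Windows 10,20H2,
pc-221,Windows 10,1909,2021-02-09
"""

def classify(row):
    """Return 'not_listed', 'unpatched' or 'verify' for one inventory row."""
    product = row["product"].strip()
    version = row["version"].strip().upper()
    if product not in AFFECTED_PRODUCTS or version not in AFFECTED_VERSIONS:
        return "not_listed"
    raw = row["last_update"].strip()
    if not raw:
        return "unpatched"  # no update record: treat as missing the fix
    if date.fromisoformat(raw) < FIX_RELEASED:
        return "unpatched"  # last update predates the fix, so it cannot be present
    return "verify"  # updated since the fix shipped; confirm the May update itself

def triage(csv_text):
    """Map each host in the inventory CSV text to its status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row) for row in reader}

def patch_queue(csv_text):
    """Hosts that certainly lack the fix, sorted by name."""
    return sorted(h for h, s in triage(csv_text).items() if s == "unpatched")

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

A host marked `verify` has only been updated since the fix was released; whether the May update itself is installed still has to be confirmed on the machine.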

Source: https://s.tencent.com/research/bsafe/1312.html
