A security researcher has published a PoC test code to exploit a worm-like vulnerability (CVE-2021-31166) in Windows IIS server.
The issue scored 9.8 out of 10 maximum on the CVSSv3 scale and is a memory corruption vulnerability in the HTTP protocol stack included in recent versions of Windows. The stack is used by the embedded Windows IIS server. If the server is turned on, an attacker can send a specially crafted packet and execute malicious code right in the operating system kernel.
While the vulnerability appears to be extremely dangerous, there are also several factors that mitigate the risk. First, the issue only affects the latest versions of Windows, including Windows 10 2004 and 20H2, as well as Windows Server 2004 and 20H2.
I've built a PoC for CVE-2021-31166 the "HTTP Protocol Stack Remote Code Execution Vulnerability": https://t.co/8mqLCByvCp 🔥🔥 pic.twitter.com/yzgUs2CQO5
— Axel Souchet (@0vercl0k) May 16, 2021
Former Microsoft engineer Axel Souchet also published PoC code to exploit the vulnerability, but the code does not include the possibility of worm-like infection of networks, but only causes the Windows system to crash.