Exploit Released for Workable Windows HTTP Bug

The vulnerability allows a specially crafted packet to be sent and malicious code executed in the operating system kernel.


A security researcher has published a PoC test code to exploit a worm-like vulnerability (CVE-2021-31166) in Windows IIS server.

The issue scored 9.8 out of 10 maximum on the CVSSv3 scale and is a memory corruption vulnerability in the HTTP protocol stack included in recent versions of Windows. The stack is used by the embedded Windows IIS server. If the server is turned on, an attacker can send a specially crafted packet and execute malicious code right in the operating system kernel.

While the vulnerability appears to be extremely dangerous, there are also several factors that mitigate the risk. First, the issue only affects the latest versions of Windows, including Windows 10 2004 and 20H2, as well as Windows Server 2004 and 20H2.

Former Microsoft engineer Axel Souchet also published PoC code to exploit the vulnerability, but the code does not include the possibility of worm-like infection of networks, but only causes the Windows system to crash.