Exploit released for Windows 10 HTTP protocol flaw that was fixed by update KB5003173

Security researcher Axel Souchet has released proof of concept code on GitHub that exploits CVE-2021-31166. Luckily, this CVE was patched by Microsoft with the release of KB5003173 during the May 2021 Patch Tuesday.


The proof of concept code lacks auto-spreading capabilities, but malicious actors could develop their own code similar to his to perform remote code execution. Running Souchet's demonstration code triggers a blue screen of death.

Souchet further explains:

The bug itself happens in http!UlpParseContentCoding where the function has a local LIST_ENTRY and appends items to it. When it's done, it moves it into the Request structure; but it doesn't NULL out the local list. The issue with that is that an attacker can trigger a code-path that frees every entry of the local list leaving them dangling in the Request object.
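The pattern described in that quote, reduced to a small model as an added example (it is not code from HTTP.sys or from the researcher's proof of concept). The names `parse`, `request`, `codings` and `clear_local` are assumptions, a NULL-terminated chain stands in for LIST_ENTRY, and a flag-based pool stands in for the allocator so stale entries can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model: entries come from a static pool and "free" only sets a
 * flag, so pointers to released entries can be inspected without real
 * undefined behaviour. */
struct item { struct item *next; int freed; };
struct request { struct item *codings; };

static struct item pool[8];
static size_t pool_used;

/* Build a local list of up to `n` entries, hand it to the request, then take
 * an error path that releases whatever the local list still references. */
static void parse(struct request *req, size_t n, int clear_local) {
    struct item *local = NULL;
    for (size_t i = 0; i < n && pool_used < 8; i++) {
        struct item *it = &pool[pool_used++];
        it->freed = 0;
        it->next = local;
        local = it;
    }
    req->codings = local;        /* ownership moves to the request */
    if (clear_local)
        local = NULL;            /* hardened: local no longer aliases it */
    for (struct item *it = local; it != NULL; it = it->next)
        it->freed = 1;           /* error-path cleanup of the local list */
}

/* Number of entries reachable from the request that were already released. */
static size_t dangling(const struct request *req) {
    size_t count = 0;
    for (const struct item *it = req->codings; it != NULL; it = it->next)
        count += it->freed ? 1 : 0;
    return count;
}

static size_t run(size_t n, int clear_local) {
    struct request req = { NULL };
    pool_used = 0;
    parse(&req, n, clear_local);
    return dangling(&req);
}

int main(void) {
    printf("no reset: %zu dangling, reset: %zu dangling\n", run(3, 0), run(3, 1));
    return 0;
}
```

Without the reset, every entry the request holds has already been released by the cleanup path; clearing the local head after the move leaves the request's entries intact.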


Microsoft recommends prioritizing the patching of all affected servers, since the bug is wormable and, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server that uses the HTTP Protocol Stack (HTTP.sys) to process packets. Systems running the latest version of Windows 10 that are fully patched should be safe from attacks.

Source: GitHub via BleepingComputer
