PoC Exploit for critical HTTP bug:
Tracked as CVE-2021-31166, the security flaw was found in the HTTP Protocol Stack (HTTP.sys), which the Windows Internet Information Services (IIS) web server uses as a protocol listener for processing HTTP requests.
To exploit the vulnerability, a threat actor would need to send a specially crafted packet to a server that still uses the vulnerable HTTP Protocol Stack to process packets.
Successful exploitation of the bug could allow malicious entities to execute arbitrary code remotely.
The PoC released by security researcher Alex Souchet contains exploit code for the vulnerability and demonstrates how it can be used to attack vulnerable Windows 10 servers and systems.
The exploit code, however, does not have the ability to auto-spread.
Exploiting a use-after-free dereference in HTTP.sys, the exploit triggers a denial-of-service (DoS) condition that leads to a blue screen of death (BSoD). Souchet explains in detail on GitHub how the exploit operates, stating:
“The bug itself happens in http!UlpParseContentCoding where the function has a local LIST_ENTRY and appends an item to it. When it’s done, it moves it into the Request structure; but it doesn’t NULL out the local list. The issue with that is that an attacker can trigger a code-path that frees every entry of the local list leaving them dangling in the Request object.”
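The ownership mistake described in the quote, reduced to a user-space model. This is an added example, not code from HTTP.sys or from the PoC: the types, function names and sample entries are hypothetical, and a NULL-terminated list stands in for LIST_ENTRY.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model: NULL-terminated singly linked list standing in for LIST_ENTRY.
   "Freeing" only sets a flag so dangling references can be counted safely. */
typedef struct item { struct item *next; bool freed; } item;
typedef struct { item *codings; } request;      /* hypothetical request object */

static void push(item **head, item *it) { it->freed = false; it->next = *head; *head = it; }

/* Cleanup path: releases every entry still reachable from the given list head. */
static void free_list(item **head) {
    for (item *it = *head; it != NULL; it = it->next) it->freed = true;
    *head = NULL;
}

/* Hand ownership of the parsed entries to the request.
   reset_local == false reproduces the pattern: the local head keeps its pointer. */
static void move_to_request(request *req, item **local, bool reset_local) {
    req->codings = *local;
    if (reset_local) *local = NULL;              /* the fix: only one owner remains */
}

/* Count entries the request still references after they were released. */
static int dangling_in_request(const request *req) {
    int n = 0;
    for (const item *it = req->codings; it != NULL; it = it->next) n += it->freed;
    return n;
}

/* Parse three entries, move them to the request, then clean up the local list. */
int parse_then_cleanup(bool reset_local) {
    static item pool[3];                         /* constructed sample entries */
    request req = { NULL };
    item *local = NULL;
    for (size_t i = 0; i < 3; i++) push(&local, &pool[i]);
    move_to_request(&req, &local, reset_local);
    free_list(&local);                           /* cleanup path run on the local list */
    return dangling_in_request(&req);
}

int main(void) {
    printf("without reset: %d dangling\n", parse_then_cleanup(false));
    printf("with reset:    %d dangling\n", parse_then_cleanup(true));
    return 0;
}
```

Clearing the local head at the moment of the move leaves the request as the only owner, so a later cleanup of the local list has nothing to release.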
Vulnerability was patched in Patch Tuesday:
CVE-2021-31166 gained traction when Microsoft patched it in the May 2021 Patch Tuesday updates for Windows 10.
The vulnerability was reported to affect only Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2, even though it received a CVSS score of 9.8, which places it in the critical category.
The PoC for this critical Windows vulnerability highlights the cybersecurity hazards posed by such security flaws in even the most established operating systems.
It is therefore recommended that all Windows users update to the latest version of Windows to mitigate potential cyberattack incidents.