On May 11, Microsoft officially released the May security update patch, which fixes a remote code execution vulnerability in the HTTP protocol stack (CVE-2021-31166), which exists in the HTTP protocol stack (http.sys). In the processing program, an unauthenticated remote attacker can exploit this flaw by sending specially crafted data packets to the target host to execute arbitrary code as the kernel on the target system.
- Windows Server, version 20H2 (Server Core Installation)
- Windows 10 Version 20H2 for ARM64-based Systems
- Windows 10 Version 20H2 for 32-bit Systems
- Windows 10 Version 20H2 for x64-based Systems
- Windows Server, version 2004 (Server Core installation)
- Windows 10 Version 2004 for x64-based Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
At present, Microsoft has officially released a security patch to fix this vulnerability for the supported Windows 10 version. It is strongly recommended that affected users install the patch as soon as possible for protection.
The post CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability appeared first on InfoTech News.