Contact us: (949) 287-3374

Time to patch. Critical vulnerability in handling HTTP protocol in Windows 10 / Server

By Przemek

Microsoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can simply send a malicious crafted packet to the target impacted web server.

Microsoft rates the criticality of this vulnerability at 9.8 / 10 on the CVSSv3 scale

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166