Time to patch. Critical vulnerability in handling HTTP protocol in Windows 10 / Server
Microsoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can simply send a malicious crafted packet to the target impacted web server.
Microsoft rates the criticality of this vulnerability at 9.8 / 10 on the CVSSv3 scale