On May 11, 2021, Microsoft released a patch for CVE-2021-31166, a critical remote code execution vulnerability in the HTTP protocol stack of Windows. Microsoft marked this vulnerability as wormable, meaning that attackers can exploit it to launch widespread worm attacks.

Detected vulnerability

  • Vulnerability number: CVE-2021-31166
  • Vulnerability severity: critical
  • Affected versions: Windows Server, version 2004 (Server Core installation)

    The following operating system versions are included:

    • Windows Server Version 2004 Datacenter 64-bit (Chinese)
    • Windows Server Version 2004 Datacenter 64-bit (English)
    • Windows Server Version 2004 Datacenter with Containers 64-bit (Chinese)
    • Windows Server Version 2004 Datacenter with Containers 64-bit (English)

Details

This vulnerability exists in the HTTP protocol stack processing program (http.sys) of Windows 10 and Windows Server. The program enables applications or devices to communicate with each other over HTTP and is used in the communication of common components such as Internet Information Services (IIS). An unauthorized attacker can exploit this vulnerability by sending crafted malicious requests to target servers to execute arbitrary code on the servers.

Security suggestions

Apply the patch for vulnerability CVE-2021-31166 at your earliest convenience.

Solutions

Download the corresponding patch from the official Microsoft website. For more information, see CVE-2021-31166.

If you have questions or feedback, submit a ticket to contact Alibaba Cloud.

Announcing party

Alibaba Cloud Computing Co., Ltd.