On Sunday, Security researcher Axel Souchet released a PoC exploit for the newly disclosed IIS vulnerability tracked as CVE-2021-31166. Currently, the exploit only causes the operating system to crash. The IIS bug was disclosed and patched in the May 2021 Patch Tuesday and is a memory corruption vulnerability in the HTTP protocol stack included with recent Windows versions (Windows 10 2004 and 20H2). The bug is considered wormable due to how IIS operates and is exposed to an attacker, which pushes the CVSS score to 9.8. As previously mentioned, a patch is available and, Microsoft recommends “prioritizing the patching of affected servers.”
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security