On Sunday, security researcher Axel Souchet released a PoC exploit for the newly disclosed IIS vulnerability tracked as CVE-2021-31166. Currently, the exploit only causes the operating system to crash. The IIS bug was disclosed and patched in the May 2021 Patch Tuesday release and is a memory corruption vulnerability in the HTTP protocol stack included with recent Windows versions (Windows 10 2004 and 20H2). The bug is considered wormable because of how IIS operates and how it is exposed to an attacker, which pushes the CVSS score to 9.8. As previously mentioned, a patch is available, and Microsoft recommends “prioritizing the patching of affected servers.”