Threat Watch

Proof-of-Concept released for IIS Bug (CVE-2021-31166)

On Sunday, Security researcher Axel Souchet released a PoC exploit for the newly disclosed IIS vulnerability tracked as CVE-2021-31166. Currently, the exploit only causes the operating system to crash. The IIS bug was disclosed and patched in the May 2021 Patch Tuesday and is a memory corruption vulnerability in the HTTP protocol stack included with recent Windows versions (Windows 10 2004 and 20H2). The bug is considered wormable due to how IIS operates and is exposed to an attacker, which pushes the CVSS score to 9.8. As previously mentioned, a patch is available and, Microsoft recommends “prioritizing the patching of affected servers.”

ANALYST NOTES

This vulnerability sets itself apart due to the versions of Windows affected. In many cases, organizations won’t be affected if they are not using new versions of Windows servers. However, if companies have affected versions of IIS running internally or in their DMZ, now is the time to patch. With a POC already released, the time from research to exploit is greatly reduced. Ingesting logs from IIS servers can offer insight when more information about how to detect exploitation becomes available.

 

Reference:

https://therecord.media/poc-released-for-wormable-windows-iis-bug/

https://github.com/0vercl0k/CVE-2021-31166

 

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch
Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support