CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

Overview

Severity
Critical (CVSS 9.8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
More Likely
Patch Tuesday
2022-Jan
Released
2022-01-11
Last Updated
2022-01-12
EPSS Score
91.89% (percentile: 99.7%)

FAQ

How could an attacker exploit this vulnerability? In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Is this wormable? Yes. Microsoft recommends prioritizing the patching of affected servers. Windows 10, Version 1909 is not in the Security Updates table. Is it affected by this vulnerability? No, the vulnerable code does not exist in Windows 10, version 1909. It is not affected by this vulnerability. Is the EnableTrailerSupport registry key present in any other platform than Windows Server 2019 and Windows 10, version 1809? No, the registry key is only present in Windows Server 2019 and Windows 10, version 1809.

Known Exploits (11)

  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2023-12-09T22:26:49Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2023-08-17T13:58:00Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2023-05-06T07:50:08Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-11-22T09:10:36Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-10-29T18:25:26Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-08-25T21:07:15+08:00
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-04-04T10:53:28Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-01-23T14:25:12Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-01-17T17:14:47Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-01-17T15:42:37Z
  • HTTP Protocol Stack Remote Code Execution Vulnerability — added 2022-01-17T02:28:50Z

Detection & Weaponization (1 sources)

Maturity: Exploit

  • GitHub PoC: 16 repositories

Affected Products (18)

Windows

  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems

Security Updates (4)

Acknowledgments

<a href="https://m3ikshizuka.github.io/">Mikhail Medvedev (M3ik Shizuka)</a>

Revision History

  • 2022-01-11: Information published.
  • 2022-01-12: Clarified the mitigation and added FAQs. These are informational changes only.