A Proof-of-Concept for a Wormable Windows IIS Bug Has Been Released

A security researcher published proof-of-concept exploit code for a wormable Windows IIS server vulnerability over the weekend. The vulnerability, known as CVE-2021-31166, was discovered by Microsoft employees and fixed last week in the May 2021 Patch Tuesday.

Many security analysts and firms who reviewed last week’s security updates deemed the bug the most dangerous vulnerability Microsoft patched in this month’s patch cycle. The bug is a memory corruption flaw in the HTTP protocol stack included with recent Windows versions, with a CVSSv3 severity rating of 9.8 out of 10. The built-in IIS server in Windows uses this stack.

To Read More: The Record