[PoC] CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability Alert
This vulnerability affects all versions of Windows 10 Version 1809 and above, including Windows Server 2019/2022. Microsoft said that companies should prioritize fixing server vulnerabilities, and at the same time, the vulnerability can become a worm type, that is, after infection, the virus can spread laterally on the intranet. At present, the latest cumulative update released by Microsoft has successfully fixed this vulnerability, and the affected operating system only needs to install the latest cumulative update and restart. As for how the vulnerability could be exploited, Microsoft said an attacker would simply use a specially crafted packet to send to the target server, and the vulnerability would be triggered when the protocol stack processes the data. The protocol stack here refers to the HTTP protocol stack (corresponding to http.sys). The vulnerability CVSS score is 8.5. Microsoft said that CVE-2022-21907 is very easy to be exploited.
In Windows Server 2019 and Windows 10 version 1809, the the HTTP Trailer Support feature that contains the vulnerability is not active by default. The following registry key must be configured to introduce the vulnerable condition:
On January, 17th, 2022, antx releases PoC for this vulnerability.