HTTP Protocol Stack Vulnerability
This live blog contains information regarding the HTTP Protocol Stack vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

T-Update
Update January 12, 2022
14:00 | During the January Patch Tuesday, Microsoft released patches for 96 new vulnerabilities. The most severe vulnerability is a remote code execution vulnerability in http.sys, registered as CVE-2022-21907. This vulnerability allows an unauthenticated attacker to execute code on an affected system by sending a specially crafted request or response.
We advise you to check whether your products are listed and to apply the required patches or workaround as soon as possible.
Background
The vulnerability allows a remote unauthenticated attacker to directly construct malicious requests or responses to trigger remote code execution. Since the vulnerability is wormable, it can move laterally from publicly exposed systems to internal-facing systems. Additionally, as this is both a client and a server vulnerability, an infected internal client can infect other systems.
Of the currently maintained Windows versions, the following versions are vulnerable:
- Windows 10
- Windows 10 version 1809 – The HTTP Trailer Support feature is disabled by default.
- Windows 11
- Windows Server 2019 – The HTTP Trailer Support feature is disabled by default.
- Windows Server 2022
- Windows Server 20H2
Microsoft published a patch on the 11th of January 2022. It is strongly advised to apply this patch as soon as possible. As a workaround, the registry key HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport can be set to 0, disabling the HTTP Trailer Support feature. For Windows Server 2019 and Windows 10 version 1809, the HTTP Trailer Support feature is normally not active, as this registry key is set to 0 by default.
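One way to audit the workaround described above on a single host, as an added PowerShell example that is not code from Microsoft or from this post. The function name and output fields are hypothetical, the value is read from the HTTP\Parameters subkey of the http.sys service, and build 17763 is assumed to identify Windows 10 version 1809 and Windows Server 2019.

```powershell
# Added example; the function name and output fields are hypothetical.
function Get-HttpTrailerSupportState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Apply the workaround (set the value to 0) when the host needs attention.
        [switch]$Remediate
    )

    $path = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters'
    $name = 'EnableTrailerSupport'

    # The value is often absent; a missing value or key yields $null here.
    $prop  = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { [int]$prop.$name } else { $null }

    # Assumption: build 17763 identifies Windows 10 version 1809 and Windows
    # Server 2019, where the advisory says the feature is off by default.
    $os         = Get-CimInstance -ClassName Win32_OperatingSystem
    $defaultOff = ([int]$os.BuildNumber -eq 17763)

    if     ($null -eq $value) { $state = 'NotSet' }
    elseif ($value -eq 0)     { $state = 'Disabled' }
    else                      { $state = 'Enabled' }

    # Explicitly enabled, or unset on a build without the default-off behaviour.
    $needsAttention = ($state -eq 'Enabled') -or
                      ($state -eq 'NotSet' -and -not $defaultOff)

    if ($Remediate -and $needsAttention -and
        $PSCmdlet.ShouldProcess("$path\$name", 'Set to 0')) {
        Set-ItemProperty -Path $path -Name $name -Value 0 -Type DWord
        $state = 'Disabled'; $needsAttention = $false
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = [int]$os.BuildNumber
        RegistryValue  = $value
        TrailerSupport = $state
        NeedsAttention = $needsAttention
    }
}

Get-HttpTrailerSupportState   # read-only report for the local host
```

Running it with `-Remediate -WhatIf` from an elevated session previews the registry change without writing it. The report covers only the workaround and does not show whether the January 2022 patch is installed.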
Risk
During the January Patch Tuesday, Microsoft released patches for 96 new vulnerabilities. The most severe vulnerability is a remote code execution vulnerability in http.sys, registered as CVE-2022-21907. This vulnerability has a CVSS score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. The CVE-2022-21907 vulnerability is a remote code execution vulnerability and allows an unauthenticated remote attacker to execute code on the affected system. The vulnerability exists in the HTTP Trailer Support feature of http.sys. Be aware that http.sys is not only used as a server component; clients also make use of http.sys. Clients connecting to a rogue webserver can also be exploited.
Advice
Sources
More information: