Microsoft advises companies to urgently patch wormable critical Windows Server RCE

Microsoft has quietly released a patch for a serious, easily exploitable remote code attack targeting Windows desktops and servers, including the latest Windows 11 and Windows Server 2022. The vulnerability is exploited in the HTTP protocol stack (HTTP.sys) by simply sending a specially crafted packet to the target server to process the packets. The attacker doesn't even need to be authenticated.

Fortunately, no proof-of-concept code has been released for CVE-2022-21907, and there are no known exploits.

There are also mitigation measures.

In Windows Server 2019 and Windows 10, version 1809, the HTTP Trailer Support feature that contains this vulnerability is not active by default. The following registry key must be configured to introduce the vulnerability:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\"EnableTrailerSupport"=dword:00000001

This mitigation does not apply to other affected versions.

Nonetheless, Microsoft recommends that IT staff prioritize patching affected servers.

Read more about Microsoft issues here.

The above is the detailed content of Microsoft advises companies to urgently patch wormable critical Windows Server RCE. For more information, please follow other related articles on the PHP Chinese website!