Common ProblemMicrosoft advises companies to urgently patch wormable critical Windows Server RCEMicrosoft advises companies to urgently patch wormable critical Windows Server RCE
Microsoft has quietly released a patch for a serious, easily exploitable remote code attack targeting Windows desktops and servers, including the latest Windows 11 and Windows Server 2022. The vulnerability is exploited in the HTTP protocol stack (HTTP.sys) by simply sending a specially crafted packet to the target server to process the packets. The attacker doesn't even need to be authenticated.
Fortunately, no proof-of-concept code has been released for CVE-2022-21907, and there are no known exploits.
There are also mitigation measures.
In Windows Server 2019 and Windows 10, version 1809, the HTTP Trailer Support feature that contains this vulnerability is not active by default. The following registry key must be configured to introduce the vulnerability:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\"EnableTrailerSupport"=dword:00000001
This mitigation does not apply to other affected versions.
Nonetheless, Microsoft recommends that IT staff prioritize patching affected servers.
Read more about Microsoft issues here.
The above is the detailed content of Microsoft advises companies to urgently patch wormable critical Windows Server RCE. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Linux new version
SublimeText3 Linux latest version
SublimeText3 Chinese version
Chinese version, very easy to use
