Microsoft advises companies urgently patch wormable critical Windows Server RCE

Microsoft has quietly released a patch for a serious, easily exploitable remote code execution vulnerability in Windows desktop and Server editions, including the latest Windows 11 and Windows Server 2022.

The vulnerability is in the HTTP Protocol Stack (HTTP.sys) and can be exploited merely by sending a specially crafted packet to a targeted server that uses HTTP.sys to process packets. Attackers do not even need to be authenticated.

Luckily, no proof-of-concept code for CVE-2022-21907 has been released yet, and there is no known exploitation in the wild.

There is also a mitigation available.

In Windows Server 2019 and Windows 10 version 1809, the HTTP Trailer Support feature that contains the vulnerability is not active by default. The following registry key must be configured to introduce the vulnerable condition:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

"EnableTrailerSupport"=dword:00000001

This mitigation does not apply to the other affected versions.
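A quick way to check a host against the condition described above, as an added example (not from the article or from Microsoft): it reads the EnableTrailerSupport value and reports whether the registry workaround even applies to this build. It assumes that build 17763 identifies Windows 10 version 1809 and Windows Server 2019, the only versions on which HTTP Trailer Support is off by default; the function name and messages are my own.

```powershell
# Added example: report whether this host is in the vulnerable configuration
# described for CVE-2022-21907. Not code from the article or from Microsoft.
function Test-HttpTrailerSupport {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $name = 'EnableTrailerSupport'

    # Assumption: build 17763 = Windows 10 1809 / Windows Server 2019, the only
    # versions on which the trailer feature is disabled unless this value is set.
    $build = [System.Environment]::OSVersion.Version.Build
    $trailerOffByDefault = ($build -eq 17763)

    # Reading HKLM does not need elevation; a missing value simply yields $null.
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if (-not $trailerOffByDefault) {
        return [pscustomobject]@{
            Build      = $build
            TrailerKey = $value
            Status     = 'Registry workaround does not apply on this build; patching is the only mitigation.'
        }
    }

    if ($value -eq 1) {
        $status = "$name=1 is set, so HTTP Trailer Support is enabled; the vulnerable condition is active. Patch, and consider removing the value until you do."
    } else {
        $status = "$name is not set; HTTP Trailer Support is off by default. Still apply the patch."
    }

    [pscustomobject]@{
        Build      = $build
        TrailerKey = $value
        Status     = $status
    }
}

Test-HttpTrailerSupport
```

Run it on each Windows host that listens through HTTP.sys (IIS, WinRM, and other services that register URLs with it) and treat any non-patched result as a priority regardless of the registry value.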

Nevertheless, Microsoft suggests IT staff prioritize the patching of affected servers.

Read more about the issue at Microsoft here.

via BleepingComputer