Published: 11/01/2022 Updated: 17/01/2022

Vulnerability Summary

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability. Exploitation More Likely.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Github Repositories

AWS Systems Manager Public Documents The purpose of this GitHub repository is to archive AWS Systems Manager public documents A new folder will be created for each date that this workflow is executed Each Systems Manager document will be archived as a JSON object, which can easily be interpreted by any language Folder structure of persisted AWS Systems Manager documents: doc

CVE-2022-21907 Description This repository detects a system vulnerable to CVE-2022-21907 (CVSS:31 98) and protects against this vulnerability if desired I offer 2 powershell codes in 1 line Codes Only detect $ErrorActionPreference="SilentlyContinue";$_=($(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\ -Name EnableTrailerSupport)E

Recent Articles

Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software
The Register • Thomas Claburn in San Francisco • 12 Jan 2022

Get our weekly newsletter Nothing is certain except death, taxes, and programming errors

Patch Tuesday The new year brings the same old chore of shoring up Microsoft software. For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products.
If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft's Edge browser, in addition to two CVEs in open source projects (Curl and Libarchive), you get 122 fixes that need to be applied.
Affected systems include: Windows and associated components, Edge, Exchange S...

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
Threatpost • Tara Seals • 11 Jan 2022

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.
The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper...

Microsoft: New critical Windows HTTP vulnerability is wormable
BleepingComputer • Sergiu Gatlan • 11 Jan 2022

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.
The bug, tracked as
and patched during
, was discovered in the HTTP Protocol Stack (HTTP.sys) used as a protocol listener for processing HTTP requests by the Windows Internet Information Services (IIS) web server.
Successful exploitation requires threat actors to send maliciously crafted packets t...