Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Windows 10 security targeted via new critical vulnerability

Image Description

A security researcher has released proof-of-concept exploit code for a critical wormable vulnerability found in the latest versions of Windows 10 and Windows server.

The vulnerability, tracked as CVE-2021-3166, was first discovered in the HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server as a protocol listener for processing HTTP requests, according to BleepingComputer.

In order to exploit this vulnerability though, an attacker would have to send a specially crafted packet to servers still using the vulnerable HTTP Protocol Stack to process packets. Thankfully though, Microsoft recently patched the flaw as part of its recent Patch Tuesday updates and the vulnerability only affects Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.

As this bug could allow an unauthenticated attacker to remotely execute arbitrary code, Microsoft strongly recommends that organizations patch all affected servers as soon as possible.

Proof-of-concept exploit code

Security researcher Alex Souchet has released proof-of-concept (PoC) exploit code which lacks auto-spreading capabilities to show how a threat actor could leverage CVE-2021-3166 to launch attacks on vulnerable Windows 10 systems and servers.

By abusing a use-after-free dereference in HTTP.sys, Souchet's exploit is able to trigger a denial of service (DoS) that then leads to a blue screen of death (BSoD) on vulnerable systems. He provided further details on how his exploit works in a new post on GitHub, saying:

“The bug itself happens in http!UlpParseContentCoding where the function has a local LIST_ENTRY and appends item to it. When it's done, it moves it into the Request structure; but it doesn't NULL out the local list. The issue with that is that an attacker can trigger a code-path that frees every entries of the local list leaving them dangling in the Request object.”

Although releasing a PoC exploit for this vulnerability could make it easier for cybercriminals to develop their own exploits, the fact that this vulnerability has already been patched by Microsoft and rolled out in the latest round of Windows 10 updates means that most systems are likely safe from attacks. 

However, if you haven't installed the latest Windows 10 updates from Microsoft yet, now is the time to do so to prevent falling victim to any potential attacks leveraging this vulnerability.

Via BleepingComputer

Date

17 May 2021

Sources

Share

Other Blog

  • Windows 11 drive slowdown bug affects more users than thought – but a fix is coming

    Windows 11 continues to run into trouble with drive speeds being seriously hampered, as more users are being affected by a previously flagged issue than was first thought – this isn’t just about NVMe SSDs it seems – but the better news is that Microsoft has a (hopefully imminent) fix in the pipeline.

    Earlier this week, we reported on the problem with NVMe SSDs running over 50% slower in some cases with write speeds, but as noted, it turns out that this nasty storage flaw affects all disks, as Microsoft has recently admitted (as spotted by Windows Latest, which points out the problem has been observed across all sorts of online forums).

    On November 22, Microsoft pushed out a cumulative update in preview, KB5007262, and under the listed fixes, a cure for this issue is present noting that it affects all types of storage medium.

    Microsoft said that KB5007262 “addresses an issue that affects the performance of all disks (NVMe, SSD, hard disk) on Windows 11 by performing unnecessary actions each time a write operation occurs. This issue occurs only when the NTFS USN journal is enabled. Note, the USN journal is always enabled on the C: disk.”

    As this is an optional (preview) update, you have to manually install it, and as with anything which is still officially in testing, it may also cause problems as well as solve them.

    The best course of action at this point is likely to wait, because this preview update arrived a few weeks back now, and the full (finalized) cumulative update will be available for Windows 11 users on Patch Tuesday for this month, which is this coming Tuesday, December 14.

    Analysis: A chance to turn over a new leaf squandered

    This is another of those alarming bugs which have blighted Windows 11, and made it an unpleasant experience performance-wise for a number of users. It’s worrying to learn that it affects all types of SSDs and even hard disks as well, considering how much of a speed reduction can be caused by the problem, but at least we know that the resolution is (theoretically) just around the corner now.

    Windows 11 has also witnessed a number of serious issues around performance on the desktop with File Explorer, and this is such a fundamental piece of the interface that it’s another very concerning facet of what seems to be misfiring QA (quality assurance) at Microsoft.

    That isn’t a new thing, and we’ve got used to this state of affairs with Windows 10, sadly. But it’s something we hoped might be rectified, given that Windows 11 could have been a new leaf for the software giant – but Microsoft certainly hasn’t got off on the right foot here, bug-wise. Indeed, these performance problems with drives and the UI were in evidence before Windows 11 was even released, so it’s not like Microsoft hasn’t had some time to get things right.

    Clearly, the drive issue was a thorny problem, and it’s better late than never with the fix – but we won’t stop banging the drum that Microsoft needs to do better when it comes to keeping its desktop operating systems in more bug-free shape than this.

    Read More

  • The pandemic has changed how SMBs work for good

    Digital and contactless payments will be essential to the continued success of SMBs in a post-pandemic world.

    Read More

  • Apple event live blog: new iPad Pro, iMac and more from today's big Apple launch

    Apple is set to reveal its new iPad Pro 2021 later today, and we're expecting a variety of other announcements too.

    Read More

  • Picks Awards at CES 2022 - entry deadline extended!

    With CES 2022 just a few days away, we're still looking to highlight the most exciting brands and launches at the show with the TechRadar Pro Picks Awards 2022.

    Thousands of new products are introduced at CES each year, and our prestigious Picks Awards program looks to offer the opportunity to stand apart from the crowd.

    And we've now extended our entry deadline to give you even more time - you can find all the details you need here!

    Innovate. Nominate. Celebrate.

    Winners will be recognized by the industry’s leading publications; TWICE, Residential Systems, and TechRadar Pro, and will receive now just editorial coverage but also an esteemed Picks Awards winners logo to use within advertising of the winning product, along with an awards trophy.

    Each entry costs $695, and your product must have been released during 2021, and cannot have been showcased at CES 2021 or included in Picks Awards 2021.

    Why enter?

    • Thousands of new products are introduced at CES each year. Help make yours stand out after the event has been and gone
    • Winners receive an award for display, and will be judged based on their potential impact to the consumer electronic industry
    • Every product nominated, whether chosen for an award or not, will be featured in the special Picks Awards Program Guide, to be distributed as a digital edition after the show

    So if you want to celebrate your new release at CES 2022, don’t miss out on this opportunity – the nomination deadline is December 31, 2021, 11:59 PM ET.

    ENTER HERE

    We look forward to receiving your nominations!

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us