Wormable vulnerability found in Windows HTTP Protocol Stack could result in malicious code execution on the OS kernel

Threat Level – Red | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file here.

A wormable vulnerability (CVE-2021-31166) has been found in HTTP Protocol Stack used by the Windows Internet Information Services (IIS)  affecting WinRM on Windows 10 and Server systems. An attacker can exploit this vulnerability by sending a formatted package incorrectly and running malicious code directly on the OS kernel without any authentication.

Vulnerability Details

Patch Link



What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox