HTTP Protocol Stack Remote Code Execution Vulnerability

On 11th January 2022 (as part of patch Tuesday) Microsoft released patches for 97 CVE-numbered vulnerabilities, including a wormable remote code execution in Windows Server (CVE-2022-21907). This means an attacker could utilise the HTTP Protocol Stack (http.sys) on a server inside your network to run malicious code without asking for permission first. The vulnerability has … Read more