CVE-2021-31166 PoC Released

May 17, 2021 | 1 MIN READ

THE THREAT

On May 16th, 2021, a security researcher released Proof-of-Concept (PoC) exploit code for the Windows IIS server vulnerability CVE-2021-31166 (CVSS: 9.8). With this release, eSentire assesses that widespread exploitation of this vulnerability is imminent.

CVE-2021-31166 was publicly announced on May 11th, 2021. Exploitation may allow for either Denial of Service (DoS) or Remote Code Execution (RCE). The currently available PoC exploit code demonstrates a DoS attack. Organizations are strongly advised to apply the security patches for this vulnerability, as exploitation is expected.

What we’re doing about it

What you should do about it

Additional information

CVE-2021-31166 is especially concerning as it is considered to be a wormable vulnerability. Wormable vulnerabilities can be abused to allow for automatic spread between vulnerable systems.

In an attack scenario, a threat actor could exploit this vulnerability by sending a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Exploitation is considered simple, increasing the likelihood of exploitation in the immediate future.

eSentire produced an advisory on May 11th, with information on CVE-2021-31166 and other high-severity vulnerabilities from Microsoft’s May Patch Tuesday release.

Impacted products:

References:

[1] https://github.com/0vercl0k/CVE-2021-31166
[2] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166
[3] https://www.esentire.com/security-advisories/microsoft-patches-critical-vulnerabilities
