Wormable Windows 11 vulnerability could let malware spread like wildfire

Microsoft addresses flaw in its January Patch Tuesday release

by 9SIX
Microsoft says it has found and patched a critical wormable flaw affecting Windows 11 and Windows Server 2022.

The flaw was found in the HTTP Protocol Stack, which is used for processing HTTP requests by the Windows Internet Information Services web server.

So far, the flaw has not been found being abused in the wild through malware, nor have there been any proof-of-concept exploits. However, Microsoft still urges everyone not to postpone the security patches, as the flaw is still quite potent. It allows unauthenticated attackers to execute arbitrary code remotely, without much user interaction.

Danger to home users

To exploit it, a malicious actor would need to craft and send a specially designed packet to the Windows server that uses the vulnerable HTTP Protocol Stack. The lucky break is that Windows Server 2019 and Windows 10 v. 1809 don’t have the flawed HTTP Trailer Support feature turned on by default.

Explaining the flaw and how it works, Microsoft says this registry key needs to be configured on vulnerable operating systems for the flaw to work:



To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice.

Microsoft noted that most companies are probably secure, as they rarely rush to install the latest Windows versions on their endpoints.

Home users, on the other hand, should be careful and make sure to apply the patch as soon as possible. Having a VPN, as well as an up-to-date antivirus solution, is advised.

The vulnerability is tracked as CVE-2022-21907. Microsoft patched it during this month’s Patch Tuesday, which altogether addressed a total of six zero-days and almost 100 different flaws.

Of those, Microsoft fixed 41 vulnerabilities related to privilege escalation, nine security feature bypass vulnerabilities, 29 remote code execution vulnerabilities, six information disclosure vulnerabilities, and nine denial of service vulnerabilities. The company also fixed three flaws related to spoofing.

Source: techradar
