Microsoft Patches Critical HTTP Flaw Tagged Wormable

Must Read
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. In her free time, she is a modest family woman who loves traveling.

Yesterday, Microsoft patched a critical flag tagged as wormable and identified affecting the latest desktop and server Windows versions including Windows 11 and Windows Server 2022.

A Wormable vulnerability means that the exploit could self propagate through a vulnerable network without user interaction.

In January Patch Tuesday update, Microsoft patched a critical bug tracked as CVE-2022-21907. With a CVSS score of 9.8, this critical vulnerability was discovered in the Windows HTTP protocol stack. It can be exploited by sending specially crafted packets to targeted servers that use the vulnerable HTTP protocol stack to process packets.

Meanwhile, Microsoft advises users to patch this vulnerability on all impacted servers as it could allow threat actors to remotely execute arbitrary code in low complexity attacks, and most use cases without needing user interaction.

According to Microsoft, In Windows Server 2019 and Windows 10 version 1809, the HTTP Trailer Support feature that contains the vulnerability is disabled by default.

The below-mentioned Windows registry key has to be configured on these two Windows versions to introduce the vulnerability.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\ 

"EnableTrailerSupport"=dword:00000001

This mitigation doesn’t apply to other affected Windows versions, Microsoft added.

Looking for more Microsoft news? Signup for our newsletter for the latest update

spot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -spot_img
Latest News

Oracle Opens New Cloud Region in Johannesburg, South Africa

Oracle announced the opening of its new cloud region in Johannesburg, South Africa. The new cloud region at Johannesburg is...
- Advertisement -spot_img

More Articles Like This