Microsoft Patches Critical HTTP Flaw Tagged Wormable

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Yesterday, Microsoft patched a critical flag tagged as wormable and identified affecting the latest desktop and server Windows versions including Windows 11 and Windows Server 2022.

A Wormable vulnerability means that the exploit could self propagate through a vulnerable network without user interaction.

In January Patch Tuesday update, Microsoft patched a critical bug tracked as CVE-2022-21907. With a CVSS score of 9.8, this critical vulnerability was discovered in the Windows HTTP protocol stack. It can be exploited by sending specially crafted packets to targeted servers that use the vulnerable HTTP protocol stack to process packets.

Meanwhile, Microsoft advises users to patch this vulnerability on all impacted servers as it could allow threat actors to remotely execute arbitrary code in low complexity attacks, and most use cases without needing user interaction.

According to Microsoft, In Windows Server 2019 and Windows 10 version 1809, the HTTP Trailer Support feature that contains the vulnerability is disabled by default.

The below-mentioned Windows registry key has to be configured on these two Windows versions to introduce the vulnerability.



This mitigation doesn’t apply to other affected Windows versions, Microsoft added.

Looking for more Microsoft news? Signup for our newsletter for the latest update

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This