
Wormable Windows 11 vulnerability could let malware spread like wildfire

Windows 11 weather widget
(Image credit: Microsoft)

Microsoft says it has found and patched a critical, wormable flaw affecting Windows 11 and Windows Server 2022.

The flaw was found in the HTTP Protocol Stack, which is used for processing HTTP requests by the Windows Internet Information Services web server.

So far there have been no reports of the flaw being exploited in the wild by malware, nor has any proof-of-concept code surfaced. Even so, Microsoft urges everyone not to postpone the security patches, as the flaw is still quite potent: it allows unauthenticated attackers to execute arbitrary code remotely, with little user interaction.

Danger to home users

To exploit it, a malicious actor would need to craft and send a specially designed packet to a Windows server that uses the vulnerable HTTP Protocol Stack. The lucky break is that Windows Server 2019 and Windows 10 version 1809 don't have the flawed HTTP Trailer Support feature turned on by default.

Explaining the flaw and how it works, Microsoft says the following registry value needs to be configured on vulnerable operating systems for the flaw to be exploitable:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\ 

"EnableTrailerSupport"=dword:00000001

To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice. 
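As an added example (not code from the article or from Microsoft), the PowerShell script below audits the registry value named above on a host and, when run with the -Remediate switch, sets it to 0 to turn the feature off. The switch name and the output wording are my own assumptions; installing the patch remains the actual fix.

```powershell
# Added example: audit, and optionally disable, HTTP Trailer Support,
# the setting the CVE-2022-21907 write-up says must be enabled for the flaw to work.
# Run from an elevated PowerShell session; -Remediate is an assumed name for this script's switch.
param([switch]$Remediate)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$ValueName = 'EnableTrailerSupport'

# Read the current value; $null means the value (or the key) is absent,
# so the feature is not enabled on this host.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host "Host: $env:COMPUTERNAME  OS: $($os.Caption) (build $($os.BuildNumber))"

# Show whether the HTTP Protocol Stack (HTTP.sys) service is active at all.
$http = Get-Service -Name HTTP -ErrorAction SilentlyContinue
if ($http) { Write-Host "HTTP service status: $($http.Status)" }

if ($null -eq $current) {
    Write-Host "$ValueName is not set: HTTP Trailer Support is off on this host."
} elseif ($current -eq 1) {
    Write-Warning "$ValueName = 1: HTTP Trailer Support is enabled; apply the patch or disable the feature."
    if ($Remediate) {
        # Setting the value to 0 disables the feature, which is the mitigation the article describes.
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 0 -Type DWord
        Write-Host "Set $ValueName to 0. Reboot the host so HTTP.sys picks up the change."
    }
} else {
    Write-Host "$ValueName = $current: HTTP Trailer Support is disabled."
}
```

Running the script without -Remediate only reports the state, which makes it safe to run across a fleet from a management tool before deciding where to change the value.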

Microsoft noted that most companies are probably secure, as they rarely rush to install the latest Windows versions on their endpoints.

Home users, on the other hand, should be careful and make sure to apply the patch as soon as possible. Having a VPN, as well as an up-to-date antivirus solution, is advised.

The vulnerability is tracked as CVE-2022-21907. Microsoft patched it during this month's Patch Tuesday, which altogether addressed a total of six zero-days and almost 100 different flaws.

Of those, Microsoft fixed 41 vulnerabilities related to privilege escalation, nine security feature bypass vulnerabilities, 29 remote code execution vulnerabilities, six information disclosure vulnerabilities, and nine denial of service vulnerabilities. The company also fixed three flaws related to spoofing.


Via BleepingComputer