CVE-2021-31166

Name of the Vulnerable Software and Affected Versions Microsoft HTTP Protocol Stack versions prior to the fixed version

Description The issue is related to a memory usage problem after memory release in the HTTP Protocol Stack of Microsoft Windows operating systems. This can be exploited by a remote attacker using a specially crafted HTTP request to execute arbitrary code. The vulnerability has a critical threat level and can potentially serve as the basis for creating a network worm. It is estimated that many devices are not updated in a timely manner, which may lead to new attacks based on this issue.

Recommendations For Microsoft HTTP Protocol Stack versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the HTTP protocol stack to minimize the risk of exploitation. Avoid using the vulnerable HTTP protocol stack until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.