PT-2022-1390 · Microsoft · Windows 11+4

M3Ik Shizuka +1 · Published 2022-01-11 · Updated 2026-02-25 · CVE-2022-21907

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version, including 10 20H2, 10 21H1, 10 21H2, 10 1809, 11, Server 20H2, Server 2019, and Server versions up to 2022.

Description

A buffer overflow in the HTTP Protocol Stack in Microsoft Windows allows remote attackers to execute arbitrary code. Microsoft classifies the vulnerability as "wormable", meaning already compromised systems can be used to further develop the attack.

Recommendations

For Microsoft Windows versions prior to the fixed version, including 10 20H2, 10 21H1, 10 21H2, 10 1809, 11, Server 20H2, Server 2019, and Server versions up to 2022, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the HTTP Protocol Stack to minimize the risk of exploitation. Avoid using vulnerable functions or parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about additional mitigation measures.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-00163
CVE-2022-21907

Affected Products

Windows
Windows 10
Windows 11
Windows Server 2019
Windows Server 2022