banner
Jan 14, 2022
9 Views
0 0

Microsoft pushes patch for wormable HTTP vulnerability, exploitation undetected so far

Written by
banner

CVE-2022-21907 echoes CVE-2015-1635, which impacted Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2. Through the remote code execution vulnerability, attackers could leverage specially crafted HTTP requests.  
The complexity of an attack using CVE-2022-21907 is relatively low, which heightens the severity of the vulnerability. 
While the vulnerability is for servers, Windows users who run http.sys are also impacted. If an attacker can run code using http.sys, organizations can face broad system compromise, according to Johannes Ullrich, the dean of research for SANS Technology Institute and founder of the Internet Storm Center, in an emailed statement to Cybersecurity Dive. 
By disabling the HTTP Trailer Support feature, the two versions will be protected. Windows Server 2019 and Windows 10 version 1809had a registry key set by default disabling the feature. All later versions are vulnerable ‘out of the box,'” Ullrich said. 
Web application firewalls will likely help block requests with trailers, Ullrich said. He recommends companies “log them first to see if you see legitimate uses.”
If a company has internet information services (IIS) disabled for Windows Server, it might be safe from the vulnerability. However, Ullrich warns “a vulnerability in http.sys. is probably best described as the core HTTP engine inside IIS.” 
Other software, including Windows Remote Management and Web Services for Devices, run http.sys, which could expose CVE-2022-21907. 
Follow on Twitter
Get the free daily newsletter read by industry experts
Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.
"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Share your announcement
Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.
"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 
The free newsletter covering the top industry headlines

source

Article Categories:
Cybersecurity News
banner

Comments are closed.