Identification: CVE-2021-31166
Score: 9.8 out of 10
Risk factor: Highly dangerous
Type of vulnerability: remote code execution
Type of bug: use-after-free in http!UlpParseContentCoding in the HTTP.sys driver
Patch release date (Microsoft): 11-5-2021
This bug, known as “CVE-2021-31166”, is found in the HTTP Protocol Stack (HTTP.sys), which the Windows Internet Information Services (IIS) web server uses as a listener to process HTTP requests.
According to Microsoft’s recommendation, patches should be installed on all vulnerable servers with the highest priority, because in most cases this bug lets attackers remotely execute code of their choice on the victim’s system.
Vulnerable versions
- Windows 10 version 2004
- Windows 10 version 20H2
- Windows Server version 2004
- Windows Server version 20H2
Security recommendation
You can install the following patch and fix this vulnerability: