CVE-2021-31166

HTTP Protocol Stack Remote Code Execution Vulnerability

Recent assessments:

architect00 at May 12, 2021 8:18am UTC reported:

The vulnerability only affects newer versions of Windows 10 / Server. Version 20H2 and 2004 of Windows 10 and Windows Server Core installations are affected according to the Microsoft Advisory.

The semi-annual channel versions are not that common in bigger organisations. This affected my rating on attacker value. I would argue , that most of them use the LTSC of older Windows versions. The attacker value is not very low, because the vulnerability has the potential of being used for lateral movement in a computer worm. So this might still be relevant to use in smaller organisations.

Microsoft rates this vulnerability “Exploitation more likely”. This means that exploitation would be reliable and Microsoft ist aware of exploits in past for similar vulnerabilities. This affected my Exploitability scoring towards Easy on this vulnerability.

Sources:

<https://twitter.com/GossiTheDog/status/1392211087601410054&gt;
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166&gt;

jheysel-r7 at May 17, 2021 7:38pm UTC reported:

The vulnerability only affects newer versions of Windows 10 / Server. Version 20H2 and 2004 of Windows 10 and Windows Server Core installations are affected according to the Microsoft Advisory.

The semi-annual channel versions are not that common in bigger organisations. This affected my rating on attacker value. I would argue , that most of them use the LTSC of older Windows versions. The attacker value is not very low, because the vulnerability has the potential of being used for lateral movement in a computer worm. So this might still be relevant to use in smaller organisations.

Microsoft rates this vulnerability “Exploitation more likely”. This means that exploitation would be reliable and Microsoft ist aware of exploits in past for similar vulnerabilities. This affected my Exploitability scoring towards Easy on this vulnerability.

Sources:

<https://twitter.com/GossiTheDog/status/1392211087601410054&gt;
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166&gt;

nu11secur1ty at July 10, 2021 9:26pm UTC reported:

The vulnerability only affects newer versions of Windows 10 / Server. Version 20H2 and 2004 of Windows 10 and Windows Server Core installations are affected according to the Microsoft Advisory.

The semi-annual channel versions are not that common in bigger organisations. This affected my rating on attacker value. I would argue , that most of them use the LTSC of older Windows versions. The attacker value is not very low, because the vulnerability has the potential of being used for lateral movement in a computer worm. So this might still be relevant to use in smaller organisations.

Microsoft rates this vulnerability “Exploitation more likely”. This means that exploitation would be reliable and Microsoft ist aware of exploits in past for similar vulnerabilities. This affected my Exploitability scoring towards Easy on this vulnerability.

Sources:

<https://twitter.com/GossiTheDog/status/1392211087601410054&gt;
<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166&gt;

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 4