#VU59392 Buffer overflow in Microsoft products - CVE-2022-21907

Cybersecurity Help s.r.o.

Published: 2022-01-11 | Updated: 2024-10-25

Vulnerability identifier: #VU59392

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2022-21907

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system
Microsoft IIS
Server applications / Web servers

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 10 20H2 10.0.19042.572, 10 21H1 10.0.19043.985, 10 1809 10.0.17763.1, 11 21H2 10.0.22000.194

Windows Server: 2019 10.0.17763.1 - 2019 20H2, 2022 10.0.20348.202

Microsoft IIS: 10.0

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21907

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Unisphere for PowerMax, Dell Solutions Enabler, Dell Unisphere 360 and Dell VASA Provider

Remote code execution in Windows HTTP Protocol Stack