HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 10 2004
OSMicrosoft< 10.0.19041.982Microsoft Windows 10 20h2
OSMicrosoft< 10.0.19042.982Microsoft Windows Server 2004
OSMicrosoft< 10.0.19041.982Microsoft Windows Server 20h2
OSMicrosoft< 10.0.19042.982
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- HTTP Protocol Stack
- Added to KEVi
- April 6, 2022
- Remediation deadline (US Federal)i
- April 27, 2022(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 27 kwietnia 2022
Tags
RCEMemory
Related vulnerabilities
CVE-2022-35744CRITICAL9.8ten sam produkt
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
CVE-2023-24943CRITICAL9.8ten sam produkt
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-21554CRITICAL9.8ten sam produkt
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-28250CRITICAL9.8ten sam produkt
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-21708CRITICAL9.8ten sam produkt
Remote Procedure Call Runtime Remote Code Execution Vulnerability