CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-31166

CVSS 9.8v3.1pub. 2021-05-11upd. 2025-10-30

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows 10 2004

    OS
    Microsoft
    < 10.0.19041.982
  • Microsoft Windows 10 20h2

    OS
    Microsoft
    < 10.0.19042.982
  • Microsoft Windows Server 2004

    OS
    Microsoft
    < 10.0.19041.982
  • Microsoft Windows Server 20h2

    OS
    Microsoft
    < 10.0.19042.982

CISA KEV — detailsi

Vendori
Microsoft
Producti
HTTP Protocol Stack
Added to KEVi
April 6, 2022
Remediation deadline (US Federal)i
April 27, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 27 kwietnia 2022
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2022-35744CRITICAL9.8ten sam produkt

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

CVE-2023-24943CRITICAL9.8ten sam produkt

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-21554CRITICAL9.8ten sam produkt

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2023-28250CRITICAL9.8ten sam produkt

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-21708CRITICAL9.8ten sam produkt

Remote Procedure Call Runtime Remote Code Execution Vulnerability