
Wormable Windows 11 vulnerability could let malware spread like wildfire

Image: Windows 11 weather widget (Image credit: Microsoft)

Microsoft says it has found and patched a critical wormable flaw affecting Windows 11 and Windows Server 2022.

The flaw was found in the HTTP Protocol Stack, which is used for processing HTTP requests by the Windows Internet Information Services web server.

So far, there have been no reports of the flaw being abused in the wild by malware, nor any proof-of-concept exploits. However, Microsoft still urges everyone not to postpone the security patches, as the flaw is still quite potent: it allows unauthenticated attackers to execute arbitrary code remotely, without much user interaction.

Danger to home users

To exploit it, a malicious actor would need to craft and send a specially designed packet to a Windows server that uses the vulnerable HTTP Protocol Stack. The lucky break is that Windows Server 2019 and Windows 10 v. 1809 don't have the flawed HTTP Trailer Support feature turned on by default.

Explaining the flaw and how it works, Microsoft says this registry key needs to be configured on vulnerable operating systems for the flaw to work:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\ 

"EnableTrailerSupport"=dword:00000001

To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice. 
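The registry check described above, as an added PowerShell example that is not part of the article or of Microsoft's guidance: it reads EnableTrailerSupport on the local host, reports whether HTTP Trailer Support is on, and with -Remediate removes the value, which is the mitigation the article describes. It does not check whether the January 2022 update is installed; that is left to Windows Update.

```powershell
# Added example (not from the article): audit whether the HTTP Trailer Support
# setting that CVE-2022-21907 depends on is enabled, and optionally disable it.
# Run in an elevated PowerShell session; supports -WhatIf via ShouldProcess.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate   # remove the value instead of only reporting it
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$valueName = 'EnableTrailerSupport'

# Read the value without throwing if the key or value is absent.
$props   = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
$current = if ($null -ne $props) { $props.$valueName } else { $null }

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host ("Host: {0}  OS: {1} (build {2})" -f $env:COMPUTERNAME, $os.Caption, $os.BuildNumber)

if ($null -eq $current) {
    # Absent value: the feature is off, which is the default on Server 2019 / Win10 1809.
    Write-Host "$valueName is not set: HTTP Trailer Support is disabled on this host." -ForegroundColor Green
    $exposed = $false
}
elseif ([int]$current -eq 1) {
    Write-Host "$valueName = 1: HTTP Trailer Support is ENABLED; install the January 2022 update." -ForegroundColor Yellow
    $exposed = $true
}
else {
    Write-Host "$valueName = $current: HTTP Trailer Support is disabled." -ForegroundColor Green
    $exposed = $false
}

if ($exposed -and $Remediate) {
    $target = Join-Path $keyPath $valueName
    if ($PSCmdlet.ShouldProcess($target, 'Remove registry value (disables HTTP Trailer Support)')) {
        Remove-ItemProperty -Path $keyPath -Name $valueName
        Write-Host 'Value removed. Restart the host (or the HTTP service) for the change to take effect.' -ForegroundColor Green
    }
}
```

Run it with -Remediate -WhatIf first to see what would be changed without touching the registry.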

Microsoft noted that most companies are probably secure, as they rarely rush to install the latest Windows versions on their endpoints.

Home users, on the other hand, should be careful and make sure to apply the patch as soon as possible. Having a VPN, as well as an up-to-date antivirus solution, is advised.

The vulnerability is tracked as CVE-2022-21907. Microsoft patched it during this month's Patch Tuesday, which altogether addressed a total of six zero-days and almost 100 different flaws.

Of those, Microsoft fixed 41 vulnerabilities related to privilege escalation, nine security feature bypass vulnerabilities, 29 remote code execution vulnerabilities, six information disclosure vulnerabilities, and nine denial of service vulnerabilities. The company also fixed three flaws related to spoofing.


Via BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.