1. Summary
| Vulnerability Name | HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907) |
|---|---|
| Release Time | January 13, 2022 |
| Component Name | http.sys |
| Affected Versions | Windows 10, Windows 11, Windows Server 2019, 2022 and 20H2 (see Section 3, Affected Versions, for details) |
| Vulnerability Type | Remote Code Execution |
| Exploitability | Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None |
| Impact | Severity: Critical; CVSS v3 Base Score: 9.8; Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High |
2. About CVE-2022-21907
2.1 Introduction
The Windows HTTP stack (http.sys) is a kernel driver for processing HTTP requests in Windows servers and clients, commonly used in communication between web browsers and web servers and in Internet Information Services (IIS).
2.2 Summary
On January 13, 2022, Sangfor FarSight Labs received a notice about the HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907). A buffer overflow can occur due to a boundary error in the HTTP Trailer Support feature of the HTTP protocol stack (http.sys). An unauthenticated attacker can trigger the overflow by sending specially crafted HTTP packets to a web server that uses http.sys to process requests, thereby executing arbitrary code on the target system or causing a denial of service.
Microsoft describes this vulnerability as “wormable”, meaning that an attack can spread from one vulnerable system to another on a network without human interaction.
Figure 1. Exploits of CVE-2022-21907 detected by Sangfor from August 28 to September 27, 2022
3. Affected Versions
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
4. Solutions
4.1 Remediation Solutions
4.1.1 Check the System Patch Installation
Run "systeminfo" in a CMD window to display a list of details about the system, including the installed hotfixes (KB numbers).
Check whether the patch corresponding to your OS version is listed. Patches for the affected OS versions can be found at the link below: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
If the patch is not installed, proceed to "4.1.2 Microsoft Solution" to download and install it.
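As an added example (not part of the Sangfor advisory), the following PowerShell collects the same information that "systeminfo" prints, in a form that is easier to compare against the MSRC table, and also records the http.sys file version and the HTTP Trailer Support registry switch. The KB number is a placeholder to be filled in from the MSRC link; the EnableTrailerSupport value under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters is the switch Microsoft documents for the trailer feature and is an assumption, not taken from this page.

```powershell
# Added example, not from the Sangfor advisory. Gathers the facts needed to
# judge CVE-2022-21907 exposure on the local host and returns them as an object.
# $RequiredKB is a PLACEHOLDER: take the KB for this OS build from the MSRC page
# linked in Section 4.1.2. EnableTrailerSupport is assumed to be the registry
# switch for the HTTP Trailer Support feature (per Microsoft's documentation).
function Get-Cve202221907Status {
    param(
        [string[]]$RequiredKB = @('KB0000000')   # PLACEHOLDER, replace per build
    )

    # OS caption and build, so the right row of the MSRC patch table is picked.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Installed hotfixes: the same data systeminfo prints under "Hotfix(s)".
    $installed = (Get-HotFix).HotFixID
    $missing   = $RequiredKB | Where-Object { $_ -notin $installed }

    # File version of the vulnerable driver, for cross-checking against the
    # fixed file version Microsoft lists for the update.
    $driver = Get-Item -Path "$env:SystemRoot\System32\drivers\http.sys"

    # Trailer support switch. Microsoft states that Windows 10 1809 and
    # Windows Server 2019 are only exposed when this value has been set.
    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $trailer = (Get-ItemProperty -Path $key -Name EnableTrailerSupport `
                   -ErrorAction SilentlyContinue).EnableTrailerSupport
    if ($null -eq $trailer) { $trailerState = 'not set (default)' }
    else                    { $trailerState = $trailer }

    if ($missing) { $missingText = $missing -join ', ' } else { $missingText = 'none' }

    [pscustomobject]@{
        OS                   = $os.Caption
        Build                = $os.BuildNumber
        HttpSysVersion       = $driver.VersionInfo.FileVersion
        EnableTrailerSupport = $trailerState
        MissingKB            = $missingText
        Patched              = -not $missing
    }
}

Get-Cve202221907Status | Format-List
```

A host reporting Patched = False, or an EnableTrailerSupport value that was deliberately set on a 1809/Server 2019 build, should be treated as exposed until the update from Section 4.1.2 is applied.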
4.1.2 Microsoft Solution
Microsoft has released a patch for affected OS versions to fix this vulnerability. Please download the patch corresponding to the affected OS from the following link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
4.2 Sangfor Solutions
4.2.1 Security Monitoring
The following Sangfor products and services perform real-time monitoring of assets affected by the HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907):
- Sangfor Cyber Command (Network Detection and Response)
- Sangfor Cyber Guardian (Managed Detection and Response)
4.2.2 Security Protection
The following Sangfor products and services provide protection against the HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907):
- Sangfor NGAF (Next Generation Firewall)
5. Timeline
On January 13, 2022, Sangfor FarSight Labs received a notice about the HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907).
On January 13, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.
6. Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
7. Learn More
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.