This weekend cybersecurity researcher Axel
Souchet, proved with PoC code (Proof of concept) such as vulnerability
CVE-2021-31666 could be exploited. This demonstration shows how
vulnerability does not include a propagation capability, The demonstration teaches us
How you can cause a system affected by the vulnerability to crash
released a famous BSoD (Blue screen of death) through a DoS attack.
This vulnerability which has been attributed a severity
of 9,8 envelope 10 on the CVSSv3 scale, It was patched on the second Tuesday in May.
by Microsoft, in what is known as patch Tuesday. This vulnerability
Critical affects integrated server (IIS) Windows, This would allow the
attacker send malformed packets using the protocol (http.sys) What is it
the person in charge of processing HTTP requests and executing arbitrary code in
the kernel of the affected machine.
Although it may seem that the vulnerability is extremely
dangerous, only affects a small part of operating systems, being
these affected newer versions of Windows, This tells us that
Windows operating systems only 10 and Windows Server 2019 with versions
2004 and 20H2 are affected by the vulnerability, These versions being the
launched this past year, fact that tells us that very few environments of
production will be affected, since as a general rule in the environments of
Production works with more outdated versions of the systems
Operating. In case you have one of the versions of these operating systems
it is recommended that you turn off the iis service or deploy the latest
Operating System Security Patch.