IT Professionals,
Microsoft’s May 2021 Security Updates address four critical bugs; while all critical bugs should be patched quickly, one vulnerability is of particular importance due to its wormable nature. CVE-2021-31166 [1] is a Remote Code Execution (RCE) vulnerability that stems from an issue with the HTTP protocol stack. This protocol stack enables Windows and applications to communicate with other devices via HTTP. The vulnerability allows an unauthenticated attacker to send a specially crafted packet to a server utilizing HTTP. It requires no user interaction, and the complexity of carrying out the attack is low.
Please immediately apply Microsoft’s May 2021 Security Updates to devices running the following versions of Windows Server or Windows 10:
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Thank you for your partnership in keeping IU secure.
–IT Community Partnerships on behalf of the University Information Security Office
[1] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166
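
The following PowerShell sketch is an added example, not part of the original notice: it sorts hosts into those running one of the releases listed above (versions 2004 and 20H2, OS builds 19041 and 19042) and those that are not, and flags listed hosts whose update revision is below a minimum you supply. The function names, the sample inventory and the `$MinPatchedRevision` value are assumptions; the notice does not state the patched revision, so take it from the Microsoft page cited as [1].

```powershell
# Added example; not code from the original notice.
# 19041 and 19042 are the OS build numbers of versions 2004 and 20H2.
$AffectedBuilds = @{ 19041 = '2004'; 19042 = '20H2' }

function Get-AdvisoryStatus {
    param(
        [Parameter(Mandatory)] [version] $OsVersion,          # e.g. 10.0.19042.928
        # ASSUMPTION: lowest update revision that includes the May 2021 update.
        [Parameter(Mandatory)] [int]     $MinPatchedRevision
    )
    # Releases not named in the notice are out of scope for this check.
    if (-not $AffectedBuilds.ContainsKey($OsVersion.Build)) { return 'NotListed' }
    if ($OsVersion.Revision -ge $MinPatchedRevision)        { return 'Patched' }
    return 'NeedsUpdate'
}

function Get-LocalOsVersion {
    # CurrentBuild (string) and UBR (DWORD) together give the full build, e.g. 19042.928.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

# CONSTRUCTED demo value so both outcomes appear below; replace it with the
# revision published for the May 2021 update before relying on the result.
$MinPatchedRevision = 500

# CONSTRUCTED inventory (host names and revisions are made up for illustration).
$inventory = @'
Name,OsVersion
web-01,10.0.19042.400
web-02,10.0.19042.600
app-01,10.0.19041.400
file-01,10.0.17763.400
'@ | ConvertFrom-Csv

$report = foreach ($h in $inventory) {
    $v = [version]$h.OsVersion
    [pscustomobject]@{
        Name    = $h.Name
        Release = $AffectedBuilds[$v.Build]   # empty when the build is not listed
        Status  = Get-AdvisoryStatus -OsVersion $v -MinPatchedRevision $MinPatchedRevision
    }
}
$report | Sort-Object Status | Format-Table -AutoSize

# To check the machine the script runs on instead of an inventory file:
# Get-AdvisoryStatus -OsVersion (Get-LocalOsVersion) -MinPatchedRevision $MinPatchedRevision
```

With the constructed values above, web-01 and app-01 report `NeedsUpdate`, web-02 reports `Patched`, and file-01 reports `NotListed`.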