A security vulnerability has been identified with HTTP Protocol Stack Remote Code Execution.
Read the Microsoft Security Update Guide https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
These are key questions to assess your vulnerability:
How could an attacker exploit this vulnerability?
In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
Is this wormable?
Yes. Microsoft recommends prioritizing the patching of affected servers.
Windows 10, Version 1909 is not in the Security Updates table. Is it affected by this vulnerability?
No, the vulnerable code does not exist in Windows 10, version 1909. It is not affected by this vulnerability.
Is the EnableTrailerSupport registry key present in any other platform than Windows Server 2019 and Windows 10, version 1809?
No, the registry key is only present in Windows Server 2019 and Windows 10, version 1809
Is your business cyber resilient? Do you have a cyber security partner to support you with low-cost high-impact cyber capability?
Reach out to speak to our CISO and security experts to ensure you are not vulnerable.