A critical vulnerability has been detected and is being addressed by the latest Windows update.
The latest versions of Windows 10 and Windows Server were affected by a recently detected vulnerability that is considered critical because of the problems it can cause and its ability to crash computers. Fortunately, Microsoft has located the cause and is working to eliminate it from its operating systems.
As reported by TechRadar, this vulnerability, tracked as CVE-2021-3166, was discovered in the HTTP protocol stack used by the Windows Internet Information Services (IIS) web server. The problem is that it opens the door for hackers to run malware on users’ computers.
The flaw particularly affects Windows 10 versions 2004 / 20H2 and Windows Server 2004 / 20H2. Reportedly, it is especially easy for professionals to cause a blue screen on computers.
An example of what this vulnerability allows has been published by computer security researcher Alex Souchet, who has created exploit code that uses the flaw in HTTP.sys to cause a denial of service resulting in the dreaded Windows blue screen.
According to information posted by Souchet on GitHub, “The error itself occurs in http!UlpParseContentCoding where the function has a local LIST_ENTRY and adds an element to it. (…) The problem with this is that an attacker can activate a code path that frees all the entries in the local list by leaving them hanging on the Request object.” Clearly, it has not been particularly difficult for him to crash computers with his exploit.
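The bug class described in the quote, as an added example that is not from the article or from Souchet's repository: a simplified C model in which cleanup of a local list releases elements the request still references, next to one possible hardening that clears the local head once the list is published. The `item` and `request` types, the singly linked list, and the `freed` flag used in place of real deallocation are assumptions made for illustration; this is not HTTP.sys code, and how the real driver links the entries to the Request object is assumed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for one parsed list element (hypothetical type). */
typedef struct item { struct item *next; bool freed; } item;
/* Constructed stand-in for the Request object (hypothetical type). */
typedef struct { item *items; } request;

/* Release every element reachable from *head. A flag stands in for free()
   so stale references can be counted without undefined behaviour. */
static void release_all(item **head) {
    for (item *e = *head; e != NULL; e = e->next)
        e->freed = true;
    *head = NULL;
}

/* Number of already-released elements still reachable from the request. */
static int dangling(const request *r) {
    int n = 0;
    for (const item *e = r->items; e != NULL; e = e->next)
        n += e->freed ? 1 : 0;
    return n;
}

/* Model of a parse routine: build a local list, publish it on the request,
   then (if fail) take an error path that cleans up the local list.
   hardened == false: the request keeps pointing at released elements.
   hardened == true: the local head is cleared at publication, so the
   cleanup path cannot release elements the request now owns. */
static int parse(request *r, item *pool, int n, bool fail, bool hardened) {
    item *local = NULL;
    for (int i = n - 1; i >= 0; i--) {
        pool[i].freed = false;
        pool[i].next = local;
        local = &pool[i];
    }
    r->items = local;                 /* publish the list on the request */
    if (hardened) local = NULL;       /* ownership moved to the request  */
    if (fail) release_all(&local);    /* error-path cleanup              */
    return dangling(r);
}

int main(void) {
    item pool[3]; request r = { NULL };
    printf("unhardened: %d dangling\n", parse(&r, pool, 3, true, false));
    printf("hardened:   %d dangling\n", parse(&r, pool, 3, true, true));
    return 0;
}
```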
Fortunately, Microsoft has worked quickly to fix the problem, and the latest Windows 10 update fixes the vulnerability. In principle you should already have it on your computer, but if you want to check, go to Windows Update and make sure you have the latest available version installed.