As a part of their usual process of Patch Tuesday, Microsoft has released patches to mitigate security flaws in products such as Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business.
A new Windows network Remote Code Execution (RCE) zero-day exploit – CVE-2021-31166, has been in the news since Patch Tuesday. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can send a malicious crafted packet to the target impacted web server. This critical vulnerability is rated 9.8/10 on the CVSS scale.
Affected devices
- Windows Server, version 20H2 (Server Core Installation)
- Windows 10 Version 20H2 for ARM64-based Systems
- Windows 10 Version 20H2 for 32-bit Systems
- Windows 10 Version 20H2 for x64-based Systems
- Windows Server, version 2004 (Server Core installation)
- Windows 10 Version 2004 for x64-based Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
Mitigations
Microsoft has released a separate advisory to address the vulnerability.
Qualys Detection
Qualys customers can scan their network with QID 91767 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on latest vulnerabilities.
References and Sources
https://thehackernews.com/2021/05/latest-microsoft-windows-updates-patch.html
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166