Skip to main content

Security Alert: Microsoft Remote Code HTTP Vulnerability

Date:
2021-05-12 11:34:00
Status:
Closed
Brief Description:
Microsoft disclosed vulnerability: CVE-2021-31166 - HTTP Protocol Stack Remote Code Execution. This vulnerability could allow an unauthenticated attacker to execute arbitrary code on a system. Updates are available and should be installed immediately.
Current Status:
N/A
Services Affected:
Not Applicable
Full Description:
Microsoft disclosed vulnerability: CVE-2021-31166 - HTTP Protocol Stack Remote Code Execution. This vulnerability could allow an unauthenticated attacker to execute arbitrary code on a system. Updates are available and should be installed immediately.

This vulnerability affects the following Windows versions:
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)
Windows Server, version 2004 (Server Core installation)

Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 2004 for ARM64-based Systems

For managed endpoint customers, updates are available for install and will be required to be installed by Friday, May 14th. Non-managed endpoint customers should follow their unit's normal update procedures or download the updates direct from Microsoft.

External links:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166
CIT TDX ID: