Microsoft: New critical Windows HTTP vulnerability is wormable


Microsoft has patched a critical wormable flaw that was discovered to affect the most recent desktop and server Windows versions, including Windows 11 and Windows Server 2022.

The bug, identified as CVE202221907 and patched during this month’s Patch Tuesday, was discovered in the HTTP Protocol Stack (HTTP.sys), used as a protocol listener by the Windows IIS web server to process HTTP requests.

Read More…