Overview:
Microsoft recently patched a critical remote code execution vulnerability in the HTTP Protocol Stack (http.sys), which the Windows built-in IIS server uses to process HTTP requests. The vulnerability is tracked as CVE-2021-31166 and has a CVSS score of 9.8. Successful exploitation allows an unauthenticated attacker to remotely execute arbitrary code on affected systems or to cause a denial of service (BSOD).
CVSS v3.0 Severity and Metrics:
Base Score: 9.8 CRITICAL
CVSS v2.0 Severity and Metrics:
Base Score: 7.5 HIGH
Affected software:
Microsoft Windows 10 Version 2004
Microsoft Windows 10 Version 20H2
Microsoft Windows Server, version 2004 (Server Core installation)
Microsoft Windows Server, version 20H2 (Server Core Installation)
Solution:
To address this vulnerability, the vendor has released security patches. For more information, please refer to our blog.
Use the SanerNow platform to apply this critical patch quickly across the organization, as shown below.
SanerNow: Vulnerability detection and patching of HTTP Protocol Stack:
1. Log in to the SanerNow platform.
2. Switch to the account/site-specific view and go to 'VM tool'.
3. If your Windows operating system is vulnerable, Saner lists CVE-2021-31166 under 'Top Vulnerabilities' or 'Recently Discovered Vulnerabilities', as shown in the diagram below.
4. Search for this vulnerability in the VM tool. If you are affected, apply the patch through PM -> Missing Patches.
5. Select 'Groups/Devices' in the 'Asset Source' section and click 'Apply'.
6. Select the 'Windows OS' product from the 'Asset' section, as shown in the diagram below.
7. Select 'Apply Selected Patches' at the rightmost corner. This will prompt for 'Creating Patching Task'. Fill in 'Task Name' and 'Remediation Schedule' as per your preference and click 'Apply Selected Patches', as shown below.
8. A remediation job will be created, which fixes the vulnerabilities by upgrading the operating system to the latest build version.
9. Once remediation is done, the Saner agent automatically scans again and uploads the result to SanerNow, as shown below.