HTTP Stack Remote Code Execution Vulnerability (CVE-2022-21907) Alert

January 28, 2022

Overview On January 12, NSFOCUS CERT detected that Microsoft released a monthly security update, which fixed an HTTP protocol stack remote code execution vulnerability (CVE-2022-21907). A buffer overflow can occur due to a boundary error in the HTTP Trailer Support feature in the HTTP stack (HTTP.sys). An unauthenticated attacker can execute arbitrary code on a […]


Subscribe to the NSFOCUS Blog