Advisory: Wormable Windows HTTP Bug

12th January 2022 | Advisory, Blog



January 12th, 2022: Today Microsoft sent a notification of a critical risk to those who use Windows devices. The critical bug is CVE-2022-21907, also known as HTTP Protocol Stack Remote Code Execution Vulnerability. CyberHoot believes this vulnerability to be significant enough to issue one of our rare cybersecurity advisories to help make administrators aware.

Windows Critical Risk

This bug is one of seven critical fixes released this month by Microsoft. It closes a security hole that could lead to remote code execution (RCE), meaning someone outside your network could trick a computer inside your network into running a program without asking for permission first. There is no pop-up shown at all to the user asking them for permission (Yes or No). The hackers simply give a command to the vulnerable computer and the malware runs.

Most RCE vulnerabilities are wormable, giving the RCE bug the ability to spread quickly to other machines. In other words, a hacker can use the vulnerability to locate and infect a victim’s computer (Victim 1) with the malware, then instruct Victim 1 to locate and infect another victim (Victim 2) with that same malware. That 2nd machine then tries to locate Victim 3…and so on, perhaps forever.

What Does Windows Vulnerability Mean for SMBs and MSPs?

It means you should update your Windows devices as soon as possible. Always be on the lookout for the Microsoft Patch Tuesday for critical patches to your devices. 

Warning on all New Patches

As with any Microsoft patch, there are potential downsides to installing these patches immediately. While the risk of RCE is present, know that CyberHoot is hearing that a remote access protocol known as L2TP breaks with this month’s round of patches installed. If you’re using L2TP, do your research and determine if there are other ways to mitigate this risk. For more details on the L2TP break, read this article.

Sources
NakedSecurity – Sophos

Zero Day – Cybrary Term
