Critical HTTP vulnerability in Windows
This vulnerability has been registered as CVE-2022-21907. It was discovered in the HTTP protocol stack (HTTP.sys), which is responsible for processing HTTP requests by the Windows web server. This bug has already been patched with the latest updates from Microsoft, so it is very important to install those patches.
In order for a hacker to exploit this vulnerability, they need to deliver maliciously crafted packages to specific Windows servers. These servers have to use the HTTP protocol stack, which is vulnerable, to be able to process those packets.
From MicrosoftAs it could not be otherwise, it recommends that users update this error as soon as possible on all affected servers. Otherwise, cybercriminals could take advantage of it and execute arbitrary code remotely. All this, in addition, without requiring the interaction of the victim.
In addition to patches, Microsoft also advises that it is possible to protect some versions of Windows, such as Windows Server 2019 or Windows 10 1809, by disable HTTP Trailer Support feature. However, this option does not apply to other versions that will need to be updated as soon as possible.
Microsoft also reports that they are not aware of this vulnerability being exploited. Now that it has been made public, it is essential that we have the latest versions installed and with all the patches available so that they cannot take advantage of this flaw and attack us.
How to be protected
Vulnerabilities appear constantly. It is something that affects Windows, but also any other operating system that we use, programs or online services. To correct these bugs, it is best that we always keep all the updates installed. This is the best way to maintain security and prevent a hacker from attacking us.
In the case of Windows, we have to go to Start, we enter Settings, we will Update and security and, there, we will see if there are pending updates. We simply have to click Install now and all those patches and improvements will be applied to our system.
This is something that we should check periodically. In addition, we must check it in any program that we have installed. There can always be bugs like this one that we have seen affecting Windows. Luckily, the developers themselves release security patches when they are aware of a bug and that allows us to take action as soon as possible to correct them.
Our advice, in addition, is to have security programs that protect the system. You even have to take steps to protect your remote desktop in Windows. We must avoid giving facilities to hackers so that they cannot launch attacks and steal our information.