Researcher Names: mxms
Link: https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166
Remote use-after-free in the Windows kernel HTTP server. Yes, Microsoft is still running an HTTP server in the kernel, and it is 2021. This exploit proves that the driver has vulnerabilities that can be triggered with a 1-line PoC (https://github.com/0vercl0k/CVE-2021-31166/blob/main/cve-2021-31166.py). Did we mention that HTTP.sys is listening by default on many Windows services, even on client machines?