Endpoint Vulnerability

Microsoft HTTP Protocol Stack CVE-2022-21907 Remote Code Execution Vulnerability

Description

Remote code execution via specially crafted HTTP packets against http.sys on Windows Server 2019 and Windows 10 1809 when EnableTrailerSupport is enabled; Windows 10 1909 is not affected.

Outbreak Alert

Microsoft's January 2022 Patch Tuesday contains updates on 97 security vulnerabilities, one of which is CVE-2022-21907 rated with 9.8 and can lead to a remote code execution.

View the full Outbreak Alert Report

Affected Applications

Windows 10
Windows 11
Windows Server 2019
Windows Server 2022
Windows Server version 20H2 (Server Core Installation)

Version Updates

Date	Version	Status	Detail
2022-01-12	1.00287	New	Windows 10,Windows 11,Windows Server 2019,Windows Server 2022,Windows Server version 20H2 (Server Core Installation)

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907

ID	70134
Created	Jan 11, 2022
Description Updated	Jan 10, 2026
CVE ID
Tags	WinHTTP Protocol Stack RCE Threat Signal
Risk
Coverage	FortiClient
OS	Windows
Vendor	Microsoft
Patch	auto
Application	Windows 10 , Windows 11 , Windows Server 2019 , Windows Server 2022 , Windows Server version 20H2 (Server Core Installation)

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Microsoft HTTP Protocol Stack CVE-2022-21907 Remote Code Execution Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Microsoft HTTP Protocol Stack CVE-2022-21907 Remote Code Execution Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center