virus logo Intrusion Prevention

MS.Windows.HTTP.sys.UlpParseAcceptEncoding.Use.After.Free

description-logoDescription

This indicates an attack attempt to exploit a Use After Free Vulnerability in Microsoft Windows HTTP.sys.
The vulnerability is due to insufficient handling of certain HTTP requests handled by Microsoft Windows HTTP.sys. A remote, authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in the execution of arbitrary code.

affected-products-logoAffected Products

Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 20H2 (Server Core Installation)

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-04-18 27.771 Sig Added
2022-02-03 19.253 Sig Added
2021-06-08 18.094 Sig Added
2021-05-20 18.083 Default_action:pass:drop
2021-05-11 18.078

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166
ID 50338
Created May 11, 2021
Updated Apr 18, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2021-31166
Known Exploited Yes
Exploit Prediction Score 97.32%
Default Action drop
Active
Affected OS Windows
Affected App Other