As released by Microsoft here https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166 May 11. 2021, a critical exploit has been found in HTTP.sys.
The exploit means that any product using an unpatched HTTP.sys framework is vulnerable to attacks that will allow rogue code to be run, at elevated security levels on your server, basically rendering it completely unsafe.
The solution is to get your OS patched as soon as possible (as in NOW), or replace the use of HTTP.sys with another option, which, if you use kbmMW, could be to use kbmMW’s Indy server components instead.
However HTTP.sys makes for a high performance hugely scalable web server, so from a performance perspective (if you have hundreds of clients connecting concurrently), patching HTTP.sys is the better option.
1,163 total views, 1 views today