Jon Alexander - Creative Commons 2.0

As released by Microsoft here https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166 May 11. 2021, a critical exploit has been found in HTTP.sys.

The exploit means that any product using an unpatched HTTP.sys framework is vulnerable to attacks that will allow rogue code to be run, at elevated security levels on your server, basically rendering it completely unsafe.

The solution is to get your OS patched as soon as possible (as in NOW), or replace the use of HTTP.sys with another option, which, if you use kbmMW, could be to use kbmMW’s Indy server components instead.

However HTTP.sys makes for a high performance hugely scalable web server, so from a performance perspective (if you have hundreds of clients connecting concurrently), patching HTTP.sys is the better option.

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.