A new flaw classified as critical puts the security of Windows at risk. It affects the latest desktop and server versions, such as Windows 11 and Windows Server 2022. It is an exploitable HTTP vulnerability, so it is essential that users install the necessary updates to correct the problem and stay secure.
Critical HTTP vulnerability in Windows
This vulnerability has been registered as CVE-2022-21907. It was discovered in the HTTP protocol stack (HTTP.sys), which processes HTTP requests for the Windows web server. Microsoft has already patched the bug in its latest updates, so it is very important to install those patches.
To exploit this vulnerability, a hacker has to send maliciously crafted packets to specific Windows servers. Those servers have to use the vulnerable HTTP protocol stack to process the packets.
Microsoft, unsurprisingly, recommends that users patch all affected servers as soon as possible. Otherwise, cybercriminals could take advantage of the flaw and execute arbitrary code remotely, and they could do so without any interaction from the victim.
In addition to patches, Microsoft also reports that it is possible to protect some versions of Windows, such as Windows Server 2019 or Windows 10 1809, by disabling the HTTP Trailer Support feature. However, this option does not apply to other versions, which will need to be updated as soon as possible.
Microsoft also reports that it is not aware of this vulnerability being exploited. Now that the flaw has been made public, it is essential to have the latest versions installed, with all available patches, so that attackers cannot take advantage of it.
How to stay protected
Vulnerabilities appear constantly. They affect Windows, but also any other operating system, program or online service that we use. To correct these errors, it is best to always keep all updates installed. This is the best way to maintain security and prevent a hacker from attacking us.
In the case of Windows, we go to Start, open Settings, and go to Update and security, where we will see whether there are pending updates. We simply have to hit Install Now and all those patches and improvements will be applied to our system.
This is something that we should check periodically, and we should do the same for every program that we have installed. Errors like the one we have seen affecting Windows can always arise. Luckily, developers release security patches once they are aware of a bug, which allows us to correct it as soon as possible.
Our advice, in addition, is to use security programs that protect the system. You also have to take measures to protect Remote Desktop in Windows. We must avoid making things easy for hackers so that they cannot launch attacks and steal our information.