CVE-2022-21907 PoC — Microsoft Windows 安全漏洞

Source

https://github.com/polakow/CVE-2022-21907

Associated Vulnerability

Title:Microsoft Windows 安全漏洞 (CVE-2022-21907)
Description:Microsoft Windows是美国微软（Microsoft）公司的一套个人设备使用的操作系统。 Microsoft Windows HTTP Protocol Stack存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Ser

Description

A REAL DoS exploit for CVE-2022-21907

Readme

# CVE-2022-21907

A REAL DoS exploit for CVE-2022-21907

It supports IPv4/IPv6/HTTP/HTTPS

## Affect
    - Windows
        - 10 Version 1809 for 32-bit Systems
        - 10 Version 1809 for x64-based Systems
        - 10 Version 1809 for ARM64-based Systems
        - 10 Version 21H1 for 32-bit Systems
        - 10 Version 21H1 for x64-based System
        - 10 Version 21H1 for ARM64-based Systems
        - 10 Version 20H2 for 32-bit Systems
        - 10 Version 20H2 for x64-based Systems
        - 10 Version 20H2 for ARM64-based Systems
        - 10 Version 21H2 for 32-bit Systems
        - 10 Version 21H2 for x64-based Systems
        - 10 Version 21H2 for ARM64-based Systems
        - 11 for x64-based Systems
        - 11 for ARM64-based Systems
    - Windows Server
        - 2019
        - 2019 (Core installation)
        - 2022
        - 2022 (Server Core installation)
        - version 20H2 (Server Core Installation)
--------
## Using the PoC
    - ./cve-2022-21907.py -t 192.168.0.13 -p 80 -v 4
--------
## Mitigations
    - Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. Unless you have enabled the HTTP Trailer Support via EnableTrailerSupport registry value, the systems are not vulnerable.
    - Delete the DWORD registry value "EnableTrailerSupport" if present under:
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
    - This mitigation only applies to Windows Server 2019 and Windows 10, version 1809 and does not apply to the Windows 20H2 and newer.
--------
## FAQ
    - How could an attacker exploit this vulnerability?
        - In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
    - Is this wormable?
        - Yes. Microsoft recommends prioritizing the patching of affected servers.
    - Windows 10, Version 1909 is not in the Security Updates table. Is it affected by this vulnerability?
        - No, the vulnerable code does not exist in Windows 10, version 1909. It is not affected by this vulnerability.
    - Is the EnableTrailerSupport registry key present in any other platform than Windows Server 2019 and Windows 10, version 1809?
        - No, the registry key is only present in Windows Server 2019 and Windows 10, version 1809

File Snapshot


 [4.0K]  /data/pocs/44d2c1be5611a25853bfff677bd5c4c494235ee9
├── [6.2K]  cve-2022-21907.py
├── [ 34K]  LICENSE
└── [2.3K]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!