{"id":304,"date":"2021-05-21T00:13:00","date_gmt":"2021-05-21T00:13:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=304"},"modified":"2024-01-09T15:36:26","modified_gmt":"2024-01-09T23:36:26","slug":"cve-2021-31166","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/","title":{"rendered":"Vulnerability Notice: Patch CVE-2021-31166"},"content":{"rendered":"\n<p>In its Patch Tuesday release for May 2021, Microsoft released guidance and a patch for&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-31166\">CVE-2021-31166<\/a>. We\u2019ve been tracking the research on it, and recommend that those with this vulnerability on their Microsoft IIS servers patch it immediately.&nbsp;<\/p>\n\n\n\n<p>To give you a little insight, there are a few reasons that this particular vulnerability has warranted the additional research&nbsp;<a href=\"https:\/\/therecord.media\/poc-released-for-wormable-windows-iis-bug\/\">from the industry<\/a>&nbsp;and our team:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>It\u2019s a critical vulnerability:&nbsp;<\/strong>This vulnerability would let an attacker take control of an affected system and shut it down (even without remote code execution (RCE)), and it is wormable, so it could be used to move across the internal network.<\/li>\n\n\n\n<li><strong>Discovery of these servers is easy:<\/strong>&nbsp;The discovery of potentially vulnerable servers by attackers is very easy, and IIS servers are pretty common.<\/li>\n\n\n\n<li><strong>POC exploit code has been released:<\/strong>&nbsp;The first proof-of-concept (POC) exploit code has been released, which generally is the first step before there are more attempts at exploitation. 
The POC can result in a denial of service (DoS), and is relatively easy to exploit.<\/li>\n\n\n\n<li><strong>But RCE is difficult:<\/strong>&nbsp;It is not trivial to transform this into an RCE, as it requires carefully crafted memory manipulations, but some groups could and would accomplish this.<\/li>\n\n\n\n<li><strong>And it\u2019s only on newer Windows servers:<\/strong>&nbsp;This vulnerability is only applicable to more recent versions of these Windows servers, including Windows 10 2004 and 20H2, and Windows Server 2004 and 20H2. Basically, the Windows 10 and Windows Server OS versions released last year.<\/li>\n<\/ul>\n\n\n\n<p>Given the rise in\u00a0ransomware, and the wormability of this vulnerability, it\u2019s a good time to check your IIS servers and make sure that CVE-2021-31166 has been patched on those newer Windows 10 servers that are affected. Let\u2019s get it off of those systems before attackers find a way to exploit it.\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What to do next&#8230;<\/h2>\n\n\n\n<p>If you\u2019re not yet familiar with CyCognito,&nbsp;<a href=\"\/demo\/\">sign up for a demo<\/a>&nbsp;and let us show you all of your IIS servers. The ones you know about, and the ones you don\u2019t.<\/p>\n\n\n\n<p>Our platform takes the attackers\u2019 perspective to help you dramatically reduce your overall business risk and increase efficiency. With no deployment required, it autonomously discovers and maps your organization\u2019s entire attack surface, including previously unknown assets in on-premises, cloud, partner and&nbsp;subsidiary environments. With an understanding of the business context of your assets and what is most attractive to attackers, it then detects and prioritizes your organization\u2019s most easily exploitable exposures, the attackers\u2019 paths of least resistance. 
Your security team knows where to focus first to eliminate those risks, while prescriptive remediation guidance and efficient validation speed their work.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Vulnerability Patch. Check your IIS servers and make sure that for those newer Windows 10 servers affected that CVE-2021-31166 has been patched.<\/p>\n","protected":false},"author":14,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[103,57],"class_list":["post-304","post","type-post","status-publish","format-standard","hentry","category-research","tag-cve-2021-31166","tag-vulnerability"],"yoast_head_json":{"title":"Vulnerability Notice: Patch CVE-2021-31166 | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability Notice: Patch CVE-2021-31166 | CyCognito Blog","og_description":"New Vulnerability Patch. Check your IIS servers and make sure that for those newer Windows 10 servers affected that CVE-2021-31166 has been patched.","og_url":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/","og_site_name":"CyCognito Blog","article_published_time":"2021-05-21T00:13:00+00:00","article_modified_time":"2024-01-09T23:36:26+00:00","author":"Alex Zaslavsky","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alex Zaslavsky","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/"},"author":{"name":"Alex Zaslavsky","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/a66518132b1efe6e5d21fd429128a953"},"headline":"Vulnerability Notice: Patch CVE-2021-31166","datePublished":"2021-05-21T00:13:00+00:00","dateModified":"2024-01-09T23:36:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/"},"wordCount":451,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["CVE-2021-31166","Vulnerability"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/","url":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/","name":"Vulnerability Notice: Patch CVE-2021-31166 | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2021-05-21T00:13:00+00:00","dateModified":"2024-01-09T23:36:26+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/cve-2021-31166\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Notice: Patch CVE-2021-31166"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest 
Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/a66518132b1efe6e5d21fd429128a953","name":"Alex Zaslavsky","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d14b8d99179745962f3db9e46d2ce6c4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d14b8d99179745962f3db9e46d2ce6c4?s=96&d=mm&r=g","caption":"Alex Zaslavsky"},"description":"Was Sr. 
Product Manager at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/alex-zaslavsky\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=304"}],"version-history":[{"count":4,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/304\/revisions"}],"predecessor-version":[{"id":560,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/304\/revisions\/560"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}