MSRC_CVE-2022-21907
PUBLISHED
CVSS 9.8 CRITICAL
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected Products
| Product | Versions |
|---|---|
| Windows Server 2019 | <10.0.17763.2452 |
| Windows 10 Version 21H1 for ARM64-based Systems | 10.0.19043.1466 |
| Windows 10 Version 21H1 for 32-bit Systems | 10.0.19043.1466 |
| Windows Server 2022 | <10.0.20348.469 |
| Windows 10 Version 21H1 for 32-bit Systems | <10.0.19043.1466 |
| Windows Server 2019 (Server Core installation) | 10.0.17763.2452 |
| Windows 10 Version 21H1 for x64-based Systems | 10.0.19043.1466 |
| Windows 10 Version 1809 for x64-based Systems | <10.0.17763.2452 |
| Windows 10 Version 1809 for 32-bit Systems | <10.0.17763.2452 |
| Windows 10 Version 1809 for ARM64-based Systems | 10.0.17763.2452 |
| Windows Server 2022 (Server Core installation) | <10.0.20348.469 |
| Windows 10 Version 21H1 for ARM64-based Systems | <10.0.19043.1466 |
| Windows 10 Version 21H1 for x64-based Systems | <10.0.19043.1466 |
| Windows Server 2019 | 10.0.17763.2452 |
| Windows Server 2019 (Server Core installation) | <10.0.17763.2452 |
| Windows 10 Version 1809 for 32-bit Systems | 10.0.17763.2452 |
| Windows 10 Version 1809 for x64-based Systems | 10.0.17763.2452 |
| Windows Server 2022 | 10.0.20348.469 |
| Windows Server 2022 (Server Core installation) | 10.0.20348.469 |
| Windows 10 Version 1809 for ARM64-based Systems | <10.0.17763.2452 |
Exploit Intelligence
- PoC for CVE-2021-31166 and CVE-2022-21907 (github-poc-repo)
- CVE-2022-21907 vulnerability RCE PoC (github-poc-repo)
- 2022 Spring Prof. 謝續平 (github-poc-repo)
- asepsaepdin/CVE-2022-21907 (github-poc-repo)
- Vulnerability in HTTP Protocol Stack Enabling Remote Code Execution and Potential System Crash. (github-poc-repo)
- Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers (github-poc-repo)
- cve-2022-21907 (github-poc-repo)
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. (github-poc-repo)
- Vulnerability in HTTP Protocol Stack Enabling Remote Code Execution and Potential System Crash. (github-poc)
- asepsaepdin/CVE-2022-21907 (github-poc)
…and 26 more exploits
Timeline
- Jan 11, 2022 CVE Published
- Jan 12, 2022 CVE Updated
- Apr 9, 2026 Security Advisory
- Apr 9, 2026 Security Advisory
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907 (advisory)
- https://msrc.microsoft.com/csaf/2022/msrc_cve-2022-21907.json (advisory)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (url)
- https://support.microsoft.com/lifecycle (url)
- https://www.first.org/cvss (url)
- https://support.microsoft.com/help/5009557 (fix)
- https://support.microsoft.com/help/5009543 (fix)
- https://support.microsoft.com/help/5009555 (fix)
- https://support.microsoft.com/help/5009566 (fix)