Headline
CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability
How could an attacker exploit this vulnerability?
In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
Is this wormable?
Yes. Microsoft recommends prioritizing the patching of affected servers.