{"vulnerability": "CVE-2022-2190", "sightings": [{"uuid": "40834539-8bc6-4600-8240-47268416f850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_1/2022", "content": "", "creation_timestamp": "2022-01-12T11:30:06.000000Z"}, {"uuid": "29f1996d-c439-4fb9-8969-c1575846737e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=715", "content": "", "creation_timestamp": "2022-01-12T04:00:00.000000Z"}, {"uuid": "3d78a7df-dcab-4ad6-aecf-72f6afedcb1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9354", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 DoS exploit for CVE-2022-21907. 
Untested.\n\nhttps://github.com/polakow/CVE-2022-21907", "creation_timestamp": "2022-04-14T18:39:19.000000Z"}, {"uuid": "d0068444-d5cb-475b-80dd-8b3a55e1bfb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1932", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA DoS exploit for CVE-2022-21907\nURL\uff1ahttps://github.com/polakow/CVE-2022-21907\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-04-13T05:52:30.000000Z"}, {"uuid": "20cd2d5d-8027-4714-940e-ed633c89a7cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1589", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThis repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired. 
I add exploit, payload and demonstration.\nURL\uff1ahttps://github.com/mauricelambert/CVE-2022-21907", "creation_timestamp": "2022-03-05T10:38:36.000000Z"}, {"uuid": "70acbc14-8433-4248-8b0f-baf9cd3ad9a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1608", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-21907: exploitation with Powershell, Python, Ruby, NMAP and Metasploit.\nURL\uff1ahttps://github.com/mauricelambert/CVE-2021-31166", "creation_timestamp": "2022-03-07T19:50:10.000000Z"}, {"uuid": "47c2330f-e862-4dc4-a80f-2cf5e3775052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1519", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-24112 check\nURL\uff1ahttps://github.com/coconut20/CVE-2022-21907-RCE-POC", "creation_timestamp": "2022-02-21T17:32:25.000000Z"}, {"uuid": "2d7fec5f-9f02-4cae-b39c-776ff0206965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1518", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-24112 check\nURL\uff1ahttps://github.com/coconut20/CVE-2022-21907", "creation_timestamp": "2022-02-21T16:34:10.000000Z"}, {"uuid": "fd5fd259-ae8a-48f5-96ad-ffa0c5b077ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1532", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers\nURL\uff1ahttps://github.com/p0dalirius/CVE-2022-21907-http.sys", "creation_timestamp": "2022-02-25T11:06:48.000000Z"}, {"uuid": "19016896-9d53-46a0-a7b9-02ee6dbc9e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3502", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for CVE-2021-31166 and CVE-2022-21907\nURL\uff1ahttps://github.com/0xmaximus/Home-Demolisher\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-01T11:20:30.000000Z"}, {"uuid": "7f2ffd65-580f-439f-8d19-2c731793b449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3581", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPOC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.\nURL\uff1ahttps://github.com/Malwareman007/CVE-2022-21907\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-09T13:48:52.000000Z"}, {"uuid": "b49f7e6a-b0c0-48a0-964d-7e16072ce5bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": 
"published-proof-of-concept", "source": "https://t.me/poxek/1791", "content": "CVE-2022-21907 - Double Free in http.sys driver\n\u041d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u043c HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 \"Accept-Encoding\", \u0447\u0442\u043e \u0432\u044b\u0437\u043e\u0432\u0435\u0442 \u0434\u0432\u043e\u0439\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u0441\u043f\u0438\u0441\u043a\u0435 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0441\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP (http.sys) \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043a\u0440\u0430\u0445\u0443 \u044f\u0434\u0440\u0430.\nhttps://github.com/p0dalirius/CVE-2022-21907-http.sys\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-06-21T19:01:56.000000Z"}, {"uuid": "9462c596-9e6e-4586-b6c7-ea29b5e80cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/poxek/1239", "content": "CVE-2022-21907 HTTP Protocol Stack RCE Vulnerability\n\u25b6\ufe0f \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a 
\u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-04-06T05:00:48.000000Z"}, {"uuid": "20e9f2de-9a95-474b-b075-541e09f044fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/449", "content": "\u0418\u0442\u043e\u0433\u0438 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 patch tuesday \u043e\u0442 microsoft.\n\n\u041f\u043e\u0444\u0438\u043a\u0441\u0438\u043b\u0438 \u0441\u0443\u043c\u043c\u0430\u0440\u043d\u043e 96, \u0447\u0442\u043e \u043d\u0430 29 \u0431\u043e\u043b\u044c\u0448\u0435, \u0447\u0435\u043c \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0440\u0430\u0437\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 (RCE, privesc, spoofing, xss)\u0432 \u0446\u0435\u043b\u043e\u043c \u0437\u043e\u043e\u043f\u0430\u0440\u043a\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, microsoft exchange server, microsoft office, windows kernel, windows defender, RDP, windows certificate, microsoft teams.\n\n\u0421\u0440\u0435\u0434\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442, \u043e\u0447\u0435\u0432\u0438\u0434\u043d\u043e, 0day, \u0430 \u0438\u0445 \u0446\u0435\u043b\u044b\u0445 6:\n\u2022 CVE-2021-22947 - RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 curl, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f 
\u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 Man-in-The-Middle;\n\u2022 CVE-2021-36976 \u2014 use-after-free \u0432 libarchive, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a RCE;\n\u2022 CVE-2022-21874 \u2014- RCE \u0432 api windows security center;\n\u2022 CVE-2022-21919 \u2014 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 windows user profile service, \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC;\n\u2022 CVE-2022-21839 \u2014 DoS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 windows event tracing discretionary access control list;\n\u2022 CVE-2022-21836 \u2014 \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, PoC \u0442\u0430\u043a \u0436\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442.\n\n\u0412 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 \u0434\u0435\u043a\u0430\u0431\u0440\u044c\u0441\u043a\u0438\u0445 0day, \u043d\u044b\u043d\u0435\u0448\u043d\u0438\u0435 \u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043a\u0430\u0436\u0435\u0442\u0441\u044f, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u044b, \u043d\u0435 \u0431\u044b\u043b\u0438, \u0447\u0442\u043e, \u043d\u0435\u0441\u043e\u043c\u043d\u0435\u043d\u043d\u043e, \u0440\u0430\u0434\u0443\u0435\u0442.\n\n\u0421\u0430\u043c\u044b\u043c \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u043d\u0430\u0437\u0432\u0430\u043b\u0438 \u0447\u0435\u0440\u0432\u0435\u043e\u0431\u0440\u0430\u0437\u043d\u044b\u0439 \u0431\u0430\u0433 CVE-2022-21907. 
\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043c\u043e\u0436\u0435\u0442 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u0438 \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0432 \u0430\u0442\u0430\u043a\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432.\n@NeKaspersky", "creation_timestamp": "2022-01-12T13:10:46.000000Z"}, {"uuid": "0689fbaf-52d8-4e7f-94ff-96c571f3f062", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1243", "content": "CVE-2022-21907 - Double Free in http.sys driver\n\u041d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u043c HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 \"Accept-Encoding\", \u0447\u0442\u043e \u0432\u044b\u0437\u043e\u0432\u0435\u0442 
\u0434\u0432\u043e\u0439\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u0441\u043f\u0438\u0441\u043a\u0435 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0441\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP (http.sys) \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043a\u0440\u0430\u0445\u0443 \u044f\u0434\u0440\u0430.\nhttps://github.com/p0dalirius/CVE-2022-21907-http.sys\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1\ufe0f", "creation_timestamp": "2022-04-06T13:01:37.000000Z"}, {"uuid": "3d1a05a3-5c27-4538-8fcc-5e2fa544595a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1915", "content": "CVE-2022-21907\nA REAL DoS exploit for CVE-2022-21907\n\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 IPv4/IPv6/HTTP/HTTPS\nhttps://github.com/polakow/CVE-2022-21907\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-07-05T15:02:24.000000Z"}, {"uuid": "a489dad1-e39d-4898-a67c-ef4947e78d6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1425", "content": "CVE-2022-21907\n\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:\nPOC \u0434\u043b\u044f CVE-2022-21907: \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c 
\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435:\n- \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP.\n- \u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430 CVE-2021-31166.\n- \u042d\u0442\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u043e\u0441\u044c \u0432 CVE-2021-31166, \u0438 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442.\n\n\u0417\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442: \n- Windows\n\u2014 10 \u0432\u0435\u0440\u0441\u0438\u044f 1809 \u0434\u043b\u044f 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 1809 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 x64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 1809 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 ARM64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 21H1 \u0434\u043b\u044f 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 21H1 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c 
\u043d\u0430 \u0431\u0430\u0437\u0435 x64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 21H1 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 ARM64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 20H2 \u0434\u043b\u044f 32-\u0431\u0438\u0442\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 20H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 x64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 20H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 ARM64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 21H2 \u0434\u043b\u044f 32-\u0431\u0438\u0442\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 21H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 x64\n\u2014 10 \u0412\u0435\u0440\u0441\u0438\u044f 21H2 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 ARM64\n\u2014 11 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 x64\n\u2014 11 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 ARM64\n- Windows Server\n\u2014 2019\n\u2014 2019 (\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u044f\u0434\u0440\u0430)\n\u2014 2022\n\u2014 2022 (\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u044f\u0434\u0440\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430)\n\u2014 \u0432\u0435\u0440\u0441\u0438\u044f 20H2 (\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u044f\u0434\u0440\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430)\n\nhttps://github.com/michelep/CVE-2022-21907-Vulnerability-PoC\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": 
"2022-04-28T17:01:45.000000Z"}, {"uuid": "d486b878-1e00-402c-97bd-9ad396e126ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/9", "content": "https://github.com/michelep/CVE-2022-21907-Vulnerability-PoC", "creation_timestamp": "2022-06-16T09:14:26.000000Z"}, {"uuid": "7f8663d0-4104-4201-850a-6cf2fd6f207a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1344", "content": "CVE-2022-21907\nDoS-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2022-21907. \u041e\u043d \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 IPv4/IPv6/HTTP/HTTPS.\nhttps://github.com/polakow/CVE-2022-21907\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-04-18T08:59:32.000000Z"}, {"uuid": "9371c3fc-cc9c-47f2-84ca-1f8d2450b78a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1898", "content": "CVE-2022-21907 Golang Application by 1vere$k\nCVE-2022-21907 - Double Free in http.sys driver. 
\u0418\u0442\u043e\u0433\n\u042d\u0442\u043e \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u0442\u043e\u0447\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Golang, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u0446\u0435\u043b\u044f\u043c \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e. \u041d\u0435 \u043e\u0447\u0435\u043d\u044c \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0438\u0432\u043d\u043e \u0441 POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\u043c\u0438, \u043d\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 30% \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u0438 \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u043b\u0438\u043d\u0435\u0439\u043d\u044b\u043c \u043c\u0435\u0442\u043e\u0434\u043e\u043c. 
\u041d\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c HTTP-\u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u043c HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 \"Accept-Encoding\", \u0432\u044b\u0437\u044b\u0432\u0430\u044f \u0434\u0432\u043e\u0439\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0441\u0442\u0435\u043a\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 HTTP (http.sys) \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043a\u0440\u0430\u0445\u0443 \u044f\u0434\u0440\u0430.\nhttps://github.com/iveresk/cve-2022-21907\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2025-01-03T19:49:26.000000Z"}, {"uuid": "f9ed95df-e04f-4ccd-bb29-adf202f1dd4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/poxek/1336", "content": "CVE-2022-21907 Windows DoS Exploit\n\u25b6\ufe0f \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-04-17T05:00:24.000000Z"}, {"uuid": "d074bfde-1828-4459-9235-bce95a4a1d80", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1189", "content": "CVE-2022-21907\nCVE-2022-21907: \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435, \u0437\u0430\u0449\u0438\u0442\u0430, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0438 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f: Powershell, Python, Ruby, NMAP \u0438 Metasploit. \u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u0449\u0438\u0442\u0430: Powershell. \n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:\n1. \u042d\u0442\u043e\u0442 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u043a CVE-2022-21907 (CVSS:3.1 9.8) \u0438 \u043f\u0440\u0438 \u0436\u0435\u043b\u0430\u043d\u0438\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u042f \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e 2 \u043a\u043e\u0434\u0430 powershell \u0432 1 \u0441\u0442\u0440\u043e\u043a\u0435.\n2. 
\u042f \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e \u0447\u0438\u0441\u0442\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b python, powershell, ruby \u0438 \u043c\u043e\u0434\u0443\u043b\u0438 metasploit, nmap \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 IIS (\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c DOS-\u0430\u0442\u0430\u043a\u0443, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0432\u0435\u0441\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f (\u0441\u0438\u043d\u0438\u0439 \u044d\u043a\u0440\u0430\u043d)).\nhttps://github.com/mauricelambert/CVE-2022-21907\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-04-02T09:31:20.000000Z"}, {"uuid": "2e13700e-308d-4d0f-ae34-12e7fcd27315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "Telegram/VlFz0V3lBiukcU4uUVZYhAeh4PSUMxEFE2g8soO0ouueQ_o", "content": "", "creation_timestamp": "2022-04-21T08:39:30.000000Z"}, {"uuid": "46d87e3e-c5f1-4e49-8645-3f15bf64a946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/288", "content": "\u0415\u0449\u0435 \u0440\u0430\u0437 \u0434\u043e\u0431\u0440\u044b\u0439 \u0434\u0435\u043d\u044c \u043c\u043e\u0438 \u0447\u0435\u0448\u0438\u0440\u0441\u043a\u0438\u0435 \u043a\u043e\u0442\u0438\u043a\u0438   \ud83d\udc08\ud83c\udfa9\n\n\u0412\u043e\u0442 \u0432\u0430\u043c \u043f\u043e\u0441\u0442-\u0441\u0431\u043e\u0440\u043d\u0438\u043a \u043f\u0440\u043e 
windows . \ud83c\udfaf\n\u0422\u043e\u0447\u043d\u0435\u0435 \u043f\u0440\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 ,\u0438  \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0441\u0442\u0430\u0442\u044c\u0438 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u044d\u043d\u043d\u043e\u0439 .\n\u041f\u043e\u0441\u0442 \u0441\u0434\u0435\u043b\u0430\u043d \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445 \u0438 \u0434\u043b\u044f \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u0438\u044f \u0432\u0430\u0448\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 . 
\n\n\u041d\u0430\u0434\u0435\u044e\u0441\u044c \u0432\u0430\u043c \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u043b\u0435\u0437\u043d\u043e:\nWindows-RCE-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b\nWindows-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 \u043c\u043d\u043e\u0433\u0438\u0435 cve \u043e\u0442 2012 \u0434\u043e 2017\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2022-21907 \u0435\u0449\u0435 \u0442\u044b\u043a \n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2022-21999\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2022-29072\n\u0421\u0431\u043e\u0440\u043d\u0438\u043a \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043d\u0430 cve 2022 \u0433\u043e\u0434\u0430\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 Microsoft Security Response Center (MSRC)\nPrivatezilla -\u0438\u043d\u0442\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\nGood afternoon again my Cheshire cats \ud83d\udc08\ud83c\udfa9\n\nHere's a post-collection for you about windows . \ud83c\udfaf\nMore precisely about the different exploits for its various vulnerabilities , and tools and articles on security enna .\nThis post is only for introductory purposes and to improve your security. 
\n\nI hope you will find it useful:\nWindows-RCE-exploits\nWindows exploits for many cve from 2012 to 2017 \nExploits for CVE-2022-21907 more link \nExploits for CVE-2022-21999\nExploits for CVE-2022-29072 \nA collection of various exploits for cve 2022\nSecurity research from Microsoft Security Response Center (MSRC)\nPrivatezilla security tool\n#windows #attacks #cve #exploit #polymorphic #pentest", "creation_timestamp": "2022-10-30T15:50:43.000000Z"}, {"uuid": "2c8d9272-8111-457a-aa1a-9aa8bde1d08b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/alexmakus/4499", "content": "By the way, Microsoft had its Patch Tuesday just yesterday! \n\nHere is a detailed breakdown of what the updates contain, 126 CVEs fixed: \nhttps://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/\n\n6 of the vulnerabilities were already publicly known, and one of them is wormable, according to Microsoft (it can spread on its own from one vulnerable 
computer to another). 9 vulnerabilities are marked as critical, and one of the most problematic is CVE-2022-21907 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907)\n\nAddendum: three are RCEs in Exchange, and information about one of them came from the NSA. Overall, it is clear that you need to update.", "creation_timestamp": "2022-01-12T17:08:57.000000Z"}, {"uuid": "00441a77-2fe2-490e-b052-5a364dce5147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/arpsyndicate/1676", "content": "#ExploitObserverAlert\n\nCVE-2022-21907\n\nDESCRIPTION: Exploit Observer has 66 entries related to CVE-2022-21907. 
HTTP Protocol Stack Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.891490000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T18:45:58.000000Z"}, {"uuid": "973394d6-32d1-4604-b451-548176c12021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/arpsyndicate/1962", "content": "#ExploitObserverAlert\n\nCVE-2022-21907\n\nDESCRIPTION: Exploit Observer has 66 entries related to CVE-2022-21907. HTTP Protocol Stack Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.891490000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-18T10:18:00.000000Z"}, {"uuid": "dd9746b3-1d57-4d03-85c0-a7964121901c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/arpsyndicate/181", "content": "#ExploitObserverAlert\n\nCVE-2022-21907\n\nDESCRIPTION: Exploit Observer has 64 entries related to CVE-2022-21907. 
HTTP Protocol Stack Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.891490000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-17T02:38:45.000000Z"}, {"uuid": "a31ae198-d199-46d0-87b2-62a3417d4ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/ShizoPrivacy/291", "content": "|CVE-2022-21907|\nHTTP Protocol Stack RCE Vulnerability\nCVSS score:3.1 9.8 \n\n\ud83d\udee1\u0422\u043e\u043b\u044c\u043a\u043e \u0432 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445!\n\u042d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0430\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0440\u0430\u0436\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e, \u043f\u043e-\u0434\u0440\u0443\u0433\u043e\u043c\u0443 \u0442\u0430\u043a\u043e\u0439 \u0442\u0438\u043f \u0435\u0449\u0451 \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f wormable \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0441\u0442\u0435\u043a\u043e\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 HTTP(http.sys). 
\u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u0431\u044b\u043b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d, \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u0430\u0442\u0430\u043a\u0443\u0435\u043c\u044b\u0439 \u0441\u0435\u0440\u0432\u0430\u043a. \u0422\u0430\u043a\u0436\u0435, \u0445\u043e\u0447\u0443 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0447\u0435\u0440\u0435\u0437 \u043e\u0434\u0438\u043d \u0438\u043b\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u043e\u0432. \u0427\u0442\u043e \u043d\u0435 \u043c\u0430\u043b\u043e \u0432\u0430\u0436\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0431\u0435\u0437 \u0432\u043c\u0435\u0448\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0430\u043c\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u044b. 
\u0421\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 windows \u0431\u043e\u043b\u044c\u0448\u043e\u0439, \u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043b\u043e\u0436\u0438\u043b \u0432\u044b\u0448\u0435, \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.\n\n\u041f\u0440\u0438\u0432\u0435\u0434\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 \u0441 PoC \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\ud83d\udcce\u0442\u044b\u043a1\n\ud83d\udcce\u0442\u044b\u043a2\n\u041d\u0430\u0442\u043a\u043d\u0443\u043b\u0441\u044f \u0435\u0449\u0451 \u043d\u0430 DoS \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0447\u0435\u043d\u044c \u043f\u0440\u043e\u0441\u0442\u043e: \n./cve-2022-21907.py -t 184.50.9.56 -p 80 -v 4    - \u0434\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u043f\u0440\u0438\u043a\u043e\u043b \u0441 ip - \u043f\u043e\u043d\u044f\u043b\u0438\n\n\ud83d\udee1For educational purposes only!\nThis is a vulnerability that can infect other vulnerable devices on its own, in another way, this type is also called wormable and is associated with the HTTP protocol stack(http.sys ). An attacker who has not been authenticated can send a packet created for the attack to the attacked server. Also, I want to note that the attack can be carried out at the protocol level through one or more network transitions. 
What is not a little important, a vulnerable system can be exploited without the intervention and interaction of the victim himself. The list of affected versions of windows is large, you can look at the screenshot attached above.\n\nHere are a few repositories with the PoC of this vulnerability:\n\ud83d\udcce click1\n\ud83d\udcce click2\nI came across another DoS exploit based on this vulnerability. It is very simple to use:\n./cve-2022-21907.py -t 184.50.9.56 -p 80 -v 4 - I think that the joke with the ip is understood\n\n#shizo #rce #cve #poc", "creation_timestamp": "2022-04-14T03:18:24.000000Z"}, {"uuid": "815109c5-0109-4dc2-ae51-57e85e5cb638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/hack_room_channel/125", "content": "https://github.com/antx-code/CVE-2022-21907\n\n\nPOC for CVE-2022-21907: Windows HTTP Protocol Stack Remote Code Execution Vulnerability", "creation_timestamp": "2022-01-19T12:55:09.000000Z"}, {"uuid": "958fc2a1-25db-4a32-a632-99d0c389ed14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/ARC15INFO/351", "content": "CVE-2022-21907 HTTP Protocol Stack RCE Vulnerability\n\n#RCE #Vulnerability #Metasploit #Nmap #Powershell\n#CVE-2022-21907 #CVE-2022-2190 #Exploit #Dos #Ddos\n#Hacking #Microsoft #Bugbounty #RemoteCodeExecution\n\nhttps://reconshell.com/cve-2022-21907-http-protocol-stack-rce-vulnerability/", "creation_timestamp": "2024-08-29T06:29:08.000000Z"}, {"uuid": "e860097f-f230-4781-940f-aeb61de4f150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2190", "type": "published-proof-of-concept", "source": 
"https://t.me/ARC15INFO/351", "content": "CVE-2022-21907 HTTP Protocol Stack RCE Vulnerability\n\n#RCE #Vulnerability #Metasploit #Nmap #Powershell\n#CVE-2022-21907 #CVE-2022-2190 #Exploit #Dos #Ddos\n#Hacking #Microsoft #Bugbounty #RemoteCodeExecution\n\nhttps://reconshell.com/cve-2022-21907-http-protocol-stack-rce-vulnerability/", "creation_timestamp": "2024-08-29T06:29:08.000000Z"}, {"uuid": "6f1a24b5-fedb-408a-ac46-7f505149d484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/hack_room_channel/334", "content": "https://github.com/p0dalirius/CVE-2022-21907-http.sys", "creation_timestamp": "2022-02-18T08:34:15.000000Z"}, {"uuid": "2fdc5391-c819-49f1-ad76-27380e1a11fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "Telegram/-6ODXgzzWCxBZpYl68OshWRdD8e5O8jb0SVarNqOSvRoOA0", "content": "", "creation_timestamp": "2022-04-09T07:39:13.000000Z"}, {"uuid": "fe8afaec-b8dc-4fed-9dac-cf5bbc7b58ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/632", "content": "windows HTTP RCE CVE-2022-21907\nhttps://github.com/antx-code/CVE-2022-21907\n\nAn exploit / PoC for CVE-2021-42237\nhttps://github.com/PinkDev1/CVE-2021-42237\n\nApache Dubbo Hessian2 CVE-2021-43297 demo\nhttps://github.com/longofo/Apache-Dubbo-Hessian2-CVE-2021-43297", "creation_timestamp": "2022-01-19T15:20:36.000000Z"}, {"uuid": "40d8f47f-6147-4913-bef1-2413b1a9fd22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/630", "content": "#poc CVE-2022-21907 HTTP Protocol Stack RCE. Windows 10 Exploits\nhttps://github.com/nu11secur1ty/Windows10Exploits/blob/master/2022/CVE-2022-21907/PoC/PoC-CVE-2022-21907.py", "creation_timestamp": "2022-01-15T22:41:24.000000Z"}, {"uuid": "7d4289a3-fe80-4a80-a3ea-1111e9b7b81f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/hacker_trick/621", "content": "CVE-2022-21907 Wormable Windows HTTP hole. what you need to know\nhttps://nakedsecurity.sophos.com/2022/01/12/wormable-windows-http-hole-what-you-need-to-know\n\nESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation\nhttps://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core\n\nNew SysJoker Backdoor Targets Windows, Linux, macOS\nhttps://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker\n\nSysJoker analyzing the first (macOS) malware of 2022\nhttps://objective-see.com/blog/blog_0x6C.html", "creation_timestamp": "2022-01-12T19:30:14.000000Z"}, {"uuid": "0fdf8311-d134-4f97-9b87-ae725b3ad09d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "Telegram/Z-gC7tt3bW6DK3IXdR8i896Pj8qpZo-pP72jFLteSWSzz-FC", "content": "", "creation_timestamp": "2022-04-17T19:17:18.000000Z"}, {"uuid": "2b9e02dd-d3b7-4e0a-ad0e-79ac2350dec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/breachdetector/362923", "content": "{\n  \"Source\": 
\"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2022-21907 HTTP DOS Security Vulnerability What Is ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"20 Oct 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-10-20T10:20:32.000000Z"}, {"uuid": "7ead2a1a-7445-41e9-a6af-6b6a22df1e7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/breachdetector/362694", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2022-21907 HTTP DOS G\u00fcvenlik A\u00e7\u0131\u011f\u0131 Nedir ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"20 Oct 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-10-20T00:33:53.000000Z"}, {"uuid": "5179e8b6-bb71-4b17-9e4e-7f4ccab8ac44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/497568", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2022-21907 Http Dos Python\", \n  \"author\": \" (\u00c7okgen)\",\n  \"Detection Date\": \"16 Apr 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-04-16T14:03:43.000000Z"}, {"uuid": "3f7013dc-0eb5-433e-b574-18b1728e6f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "Telegram/agPBm5znjFfdqHAluh3etrSkXLZLJ-PeqzFbDrvG_gNpSMI9", "content": "", "creation_timestamp": "2022-06-01T12:34:41.000000Z"}, {"uuid": "ff6e2eb1-01b2-4d50-aa45-f7d593d71e8f", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2190", "type": "published-proof-of-concept", "source": "Telegram/-6ODXgzzWCxBZpYl68OshWRdD8e5O8jb0SVarNqOSvRoOA0", "content": "", "creation_timestamp": "2022-04-09T07:39:13.000000Z"}, {"uuid": "2f30c84d-1564-4d5e-b11f-8e213f6456d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1249", "content": "CVE-2022-21907 Windows DoS Exploit\n\n#vulnerability #DoS #CVE-2022-21907 #Hacking\n#Windows #CVE #Exploit #BugBounty #DDoS #VAPT\n\nhttps://reconshell.com/cve-2022-21907-windows-dos-exploit/", "creation_timestamp": "2022-04-16T06:57:51.000000Z"}, {"uuid": "76da2923-8a8f-438d-b843-e7bacabf8d73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2190", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1236", "content": "CVE-2022-21907 HTTP Protocol Stack RCE Vulnerability\n\n#RCE #Vulnerability #Metasploit #Nmap #Powershell\n#CVE-2022-21907 #CVE-2022-2190 #Exploit #Dos #Ddos\n#Hacking #Microsoft #Bugbounty #RemoteCodeExecution\n\nhttps://reconshell.com/cve-2022-21907-http-protocol-stack-rce-vulnerability/", "creation_timestamp": "2022-04-05T07:21:47.000000Z"}, {"uuid": "e2910f54-0a35-4194-8221-8318137d9be3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2190", "type": "seen", "source": "https://t.me/cibsecurity/52290", "content": "\u203c CVE-2022-2190 \u203c\n\nThe Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to 
Reflected Cross-Site Scripting in old web browsers\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T19:37:58.000000Z"}, {"uuid": "8cad554e-ae5c-48c1-940c-71558e1933da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/11980", "content": "CVE-2022-21907\nA REAL DoS exploit for CVE-2022-21907 https://github.com/polakow/CVE-2022-21907", "creation_timestamp": "2022-04-13T14:10:27.000000Z"}, {"uuid": "2a2da03e-5446-42dd-b37a-e62afae5217d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "Telegram/8zCbUwmFGHKy9CPTQbzuhRf1kw_QnA2S1R4SKJ4pmGcCyqA", "content": "", "creation_timestamp": "2022-04-13T17:28:52.000000Z"}, {"uuid": "28b252d1-d3af-46ba-8414-f02dfe545ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/true_secator/2513", "content": "A hefty January Patch Tuesday from Microsoft has arrived: 97 documented bugs are fixed (not counting 29 Microsoft Edge vulnerabilities), 9 of which are rated 
\"critical\", 88 \"important\", and 6 are 0-days.\n \nAmong the latter:\n-      CVE-2021-22947: an open-source Curl vulnerability involving remote code execution.\n-      CVE-2021-36976: a Libarchive vulnerability involving remote code execution.\n-      CVE-2022-21919: a Windows User Profile Service vulnerability involving unauthorized acquisition of privileges.\n-      CVE-2022-21836: a Windows certificate spoofing vulnerability.\n-      CVE-2022-21839: Windows event tracing, involving denial of service of the discretionary access control list.\n-      CVE-2022-21874: a Windows Security Center API vulnerability involving remote code execution.\n \nOverall, the Microsoft patch addresses vulnerabilities in Microsoft Windows, Microsoft Edge, Exchange Server, Microsoft Office, SharePoint Server, NET Framework, Microsoft Dynamics, open-source software, Windows Hyper-V, Windows Defender and RDP.\n \nAmong the critical ones, a bug in the HTTP protocol stack (http.sys) and a code execution bug in Exchange Server stand out.\n \nThe most serious of all, CVE-2022-21907, is a 
wormable vulnerability that allows an unauthenticated attacker to send specially crafted packets to a target server, using the HTTP protocol stack to process packets.\n \nThe vendor also assigned a serious rating to the new Microsoft Exchange bug CVE-2022-21846, which was reported by the US NSA. Microsoft confirmed that the Exchange Server issue can lead to targeted remote code execution attacks.\n \nA code execution CVE in Microsoft Office has been patched; it is also one of the most serious in this Patch Tuesday. CVE-2022-21840 allows a remote attacker to use this vulnerability to execute arbitrary code on vulnerable systems.\n \nAn attacker can exploit the vulnerability by sending a 
specially crafted file to a user and tricking them into opening it. The flaw was rated critical because no warning dialogs appear when the crafted file is opened.\n \nIn addition, a privilege escalation issue in Active Directory Domain Services was fixed, as well as an open-source Curl bug that was first fixed and documented back in September of last year.\n \nDespite the size of this Patch Tuesday, Microsoft has not yet released fixes for Office 2019 for Mac and Microsoft Office LTSC for Mac 2021, but promises to do so soon.\n \nAs usual, the company states that it has no information that any of the fixed vulnerabilities have been exploited in the wild. 
The full list of fixes is here.", "creation_timestamp": "2022-01-12T17:30:00.000000Z"}, {"uuid": "4244f757-53fb-4756-8389-dd32acfe5441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/NeKaspersky/1670", "content": "Results of this year's first patch tuesday from microsoft.\n\nA total of 96 vulnerabilities were fixed, 29 more than last month, of varying severity (RCE, privesc, spoofing, xss) across a whole zoo of products, for example microsoft exchange server, microsoft office, windows kernel, windows defender, RDP, windows certificate, microsoft teams.\n\nAmong the fixes, the 0days obviously draw the most interest, and there are 6 of them:\n\u2022 CVE-2021-22947: an 
RCE vulnerability in curl that allows a Man-in-The-Middle attack;\n\u2022 CVE-2021-36976: a use-after-free in libarchive leading to RCE;\n\u2022 CVE-2022-21874: RCE in the windows security center api;\n\u2022 CVE-2022-21919: local privilege escalation via the windows user profile service, a PoC is available;\n\u2022 CVE-2022-21839: a DoS vulnerability in the windows event tracing discretionary access control list;\n\u2022 CVE-2022-21836: certificate spoofing, a PoC also exists.\n\nUnlike the December 0days, the current ones do not appear to have been seen exploited, which is certainly good news.\n\nThe worm-like bug CVE-2022-21907 was named the most dangerous. 
The exploit can spread on its own and compromise devices without user interaction. The vulnerability can be used in an attack by sending specially crafted packets.\n@NeKaspersky", "creation_timestamp": "2022-01-12T14:49:26.000000Z"}, {"uuid": "fc26e0ae-4e27-42e4-86f2-f19cd377d9e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/MoroccanGh0sts/219", "content": "CVE-2022-21907 HTTP Protocol Stack RCE Vulnerability\n\nhttps://reconshell.com/cve-2022-21907-http-protocol-stack-rce-vulnerability/\n\n[\u2714 ] Black Security Team \n\n#RCE #Vulnerability #Metasploit #Nmap #Powershell\n#CVE_2022_21907 #CVE_2022_2190 #Exploit #Dos #Ddos\n#Hacking #Microsoft #Bugbounty #RemoteCodeExecution", "creation_timestamp": "2022-04-07T23:32:26.000000Z"}, {"uuid": "a7facae7-abfd-4e43-924d-ceb7ca2ee29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1236", "content": "CVE-2022-21907 HTTP Protocol Stack RCE Vulnerability\n\n#RCE #Vulnerability #Metasploit #Nmap #Powershell\n#CVE-2022-21907 #CVE-2022-2190 #Exploit #Dos #Ddos\n#Hacking #Microsoft #Bugbounty #RemoteCodeExecution\n\nhttps://reconshell.com/cve-2022-21907-http-protocol-stack-rce-vulnerability/", "creation_timestamp": "2022-04-05T07:21:47.000000Z"}, {"uuid": "537b75ab-09ba-4e19-8d3e-eeeb95ba4e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/3320", "content": "https://www.coresecurity.com/core-labs/articles/proof-concept-cve-2022-21907-http-protocol-stack-remote-code-execution", "creation_timestamp": "2022-04-16T12:13:57.000000Z"}, {"uuid": "2b32c627-7b40-4a20-8905-b61b57137712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21906", "type": "seen", "source": "https://t.me/cibsecurity/35293", "content": "\u203c CVE-2022-21906 \u203c\n\nWindows Defender Application Control Security Feature Bypass Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:17:52.000000Z"}, {"uuid": "63ca9f25-9dfb-4f62-83b1-58c9d21291f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/cibsecurity/35291", "content": "\u203c CVE-2022-21907 \u203c\n\nHTTP Protocol Stack Remote Code Execution Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:17:47.000000Z"}, {"uuid": "37915f97-a0c0-445f-a874-6768361ef911", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21900", "type": "seen", "source": "https://t.me/cibsecurity/35300", "content": "\u203c CVE-2022-21900 \u203c\n\nWindows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:21:25.000000Z"}, {"uuid": "e0875adf-de12-4d6d-b4c9-4afb9ba7f23b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21904", "type": "seen", "source": "https://t.me/cibsecurity/35283", "content": "\u203c CVE-2022-21904 \u203c\n\nWindows GDI Information Disclosure Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:17:35.000000Z"}, {"uuid": "2cb55779-75e8-481e-9a45-2e972c0b7d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21905", "type": "seen", "source": "https://t.me/cibsecurity/35300", "content": "\u203c CVE-2022-21900 \u203c\n\nWindows Hyper-V Security Feature Bypass Vulnerability. 
This CVE ID is unique from CVE-2022-21905.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T00:21:25.000000Z"}, {"uuid": "726a079b-951e-4ac9-998b-f272343ab265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2516", "content": "#CVE-2022\nPoC for CVE-2021-31166 and CVE-2022-21907\n\nhttps://github.com/0xmaximus/Home-Demolisher\n\n@BlueRedTeam", "creation_timestamp": "2022-12-10T17:07:01.000000Z"}, {"uuid": "514043b2-40b8-4178-b863-16027d166908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/thehackernews/1783", "content": "First Microsoft Patch Tuesday update of 2022 fixes 96 new vulnerabilities, including a critical \"wormable\" Windows RCE vulnerability (CVE-2022-21907) in the HTTP Protocol Stack.\n\nRead details: https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html", "creation_timestamp": "2022-10-29T16:54:17.000000Z"}, {"uuid": "07601b20-1c94-46aa-b03f-95ab60995db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2552", "content": "#CVE-2022\nCVE-2022-36537\n\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT\n\nPOC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.\n\nhttps://github.com/Malwareman007/CVE-2022-21907\n\nPOC of CVE-2022-36537\nhttps://github.com/Malwareman007/CVE-2022-36537\n\nDirty Pipe - CVE-2022-0847\nhttps://github.com/tmoneypenny/CVE-2022-0847\n\nProof of concept of 
CVE-2022-24086\n\nhttps://github.com/pescepilota/CVE-2022-24086\n\n@BlueRedTeam", "creation_timestamp": "2023-01-07T04:51:48.000000Z"}, {"uuid": "8e3bd1c1-0638-40fb-a1cb-d4de2f8ab38f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/BlueRedTeam/1621", "content": "#Blue_Team\n\n1. Abusing MS Office Using Malicious Web Archive Files\nhttps://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files\n2. A Quick CVE-2022-21907 FAQ\nhttps://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234\n\n@BlueRedTeam", "creation_timestamp": "2022-01-14T08:02:10.000000Z"}, {"uuid": "afaedcb2-1dfd-469d-89a7-37350c386b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1631", "content": "#Blue_Team\n\n1. This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired\nhttps://github.com/mauricelambert/CVE-2022-21907\n2. 
Hardening HashiCorp Vault\nhttps://github.com/hashicorp/vault-selinux-policies\n\n@BlueRedTeam", "creation_timestamp": "2022-01-18T15:24:01.000000Z"}, {"uuid": "6823dd22-4c4c-4cec-b7e2-bf8760d8b73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5225", "content": "#exploit\nCVE-2022-21907:\nWindows 10/11/2019/2022 HTTP Protocol Stack RCE Vulnerability (PoC)\nhttps://github.com/antx-code/CVE-2022-21907", "creation_timestamp": "2022-01-19T05:39:00.000000Z"}, {"uuid": "4f501ce9-4752-4c10-a756-ccb9f6efaa91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "Telegram/oWSPkDsJ-y34oQzF9TvATbb9e2xxUgDctwgG7HX7J-_WCowF", "content": "", "creation_timestamp": "2022-01-12T04:32:14.000000Z"}, {"uuid": "badc009e-2365-4d19-ac3d-9689e475054e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5199", "content": "#Blue_Team_Techniques\n1. Abusing MS Office Using Malicious Web Archive Files\nhttps://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files\n2. A Quick CVE-2022-21907 FAQ\nhttps://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234", "creation_timestamp": "2022-01-14T11:05:11.000000Z"}, {"uuid": "4d87df43-7df0-4d55-b10d-868ddbe681d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5210", "content": "#Blue_Team_Techniques\n1. 
This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired\nhttps://github.com/mauricelambert/CVE-2022-21907\n2. Hardening HashiCorp Vault\nhttps://github.com/hashicorp/vault-selinux-policies", "creation_timestamp": "2022-01-16T13:34:43.000000Z"}, {"uuid": "03b9bdb3-14c5-4211-8257-c37e68d305fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5324", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Jan 1-31)\n\nCVE-2021-44228 - Apache Log4j2\nCVE-2021-40444 - Microsoft MSHTML RCE\nCVE-2021-4034 - LPE vuln was found on polkit's pkexec utility\nCVE-2022-0185 - Linux Kernel Container Escape in Kubernetes\nCVE-2022-21907 - HTTP Protocol Stack RCE\nCVE-2022-21882 - Win32k Window Object Type Confusion\nCVE-2021-20038 - SonicWall SMA-100 Unauth RCE\nCVE-2021-45467 - CWP CentOS Web Panel preauth RCE\nCVE-2021-42392 - Unauth RCE in H2 Database Console\nCVE-2022-21658 - Vulnerability in Rust", "creation_timestamp": "2024-10-15T10:29:54.000000Z"}]}