By zerosday cve bot • April 6, 2022
CVE-2021-31166: Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2021-31166: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-30T13:16:52.328Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
HTTP Protocol Stack Remote Code Execution Vulnerability
- Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Technical Details
- CVE: CVE-2021-31166
- KEV date added: 2022-04-06
- KEV due date: 2022-04-27
- NVD published: 2021-05-11
- NVD modified: 2025-10-30
- MITRE modified: 2025-10-21
- CVSS base score: 9.8
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVSS exploitability score: 3.9
- CVSS impact score: 5.9
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- microsoft / windows 10 2004 (versions: < 10.0.19041.982)
- microsoft / windows 10 20h2 (versions: < 10.0.19042.982)
- microsoft / windows server 2004 (versions: < 10.0.19041.982)
- microsoft / windows server 20h2 (versions: < 10.0.19042.982)
- Microsoft / Windows 10 Version 2004 (versions: 10.0.0)
- Microsoft / Windows Server version 2004 (versions: 10.0.0)
- Microsoft / Windows 10 Version 20H2 (versions: 10.0.0)
- Microsoft / Windows Server version 20H2 (versions: 10.0.0)
Weakness Classification
- CWE-416
Repositories for Lab Validation (Public Examples)
- Mr-xn/Penetration_Testing_POC | stars: 7289 | updated: 2026-03-30 | https://github.com/Mr-xn/Penetration_Testing_POC
Notes: POCs, EXPs, scripts, privilege escalation, small tools and other material related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
- GhostTroops/TOP | stars: 721 | updated: 2026-03-30 | https://github.com/GhostTroops/TOP
Notes: TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
People and Organizations Mentioned
- microsoft
- HTTP Protocol Stack
- Mr-xn
- GhostTroops
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Run Windows 10 2004 (versions < 10.0.19041.982) in isolated VM snapshots, one vulnerable and one patched, and compare process tree telemetry before and after updates.
- Validate command-execution prevention policies (AppLocker/WDAC/EDR) with harmless test binaries only.
- Create SIEM detections for suspicious parent-child chains, encoded command usage, and abnormal service creation.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2021-31166
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2021-31166
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://nvd.nist.gov/vuln/detail/CVE-2021-31166
- http://packetstormsecurity.com/files/162722/Microsoft-HTTP-Protocol-Stack-Remote-Code-Execution.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31166
- Repository example: https://github.com/Mr-xn/Penetration_Testing_POC
- Repository example: https://github.com/GhostTroops/TOP
This content is for defensive security training and authorized validation only.
