Discover and read the best of Twitter Threads about #ulpparseacceptencoding
Most recents (1)
[#thread 🧵] Last week in #Microsoft #PatchTuesday, a critical vulnerability was patched that theoretically allows attackers to achieve Remote Code Execution on a target #IIS server (CVE-2022-21907). I'll explain how it works in this thread ⬇️ 
[#thread 🧵(2/9)] A bit of History !
First of all, it is important to know that this vulnerability is a sibling of CVE-2021-31166 disclosed in May of last year. These two vulnerabilities occur in the parsing of HTTP headers of an incoming request, within the http.sys driver.
First of all, it is important to know that this vulnerability is a sibling of CVE-2021-31166 disclosed in May of last year. These two vulnerabilities occur in the parsing of HTTP headers of an incoming request, within the http.sys driver.
[#thread 🧵(3/9)] But what happens exactly 🤔 ?
To understand what happens in a kernel driver crash, It's important to analyze the kernel #crashdump generated at the moment of the blue screen! Let's open it in #WinDbg and analyze it!
To understand what happens in a kernel driver crash, It's important to analyze the kernel #crashdump generated at the moment of the blue screen! Let's open it in #WinDbg and analyze it!
