https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/

Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.

The bug, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server as a protocol listener for processing HTTP requests.