https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/ > Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions. > The bug, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack (HTTP.sys) used by the Windows Internet Information Services (IIS) web server as a protocol listener for processing HTTP requests.