A security researcher has published over the weekend proof-of-concept exploit code for a wormable Windows IIS server vulnerability. Tracked as CVE-2021-31166, the vulnerability was discovered internally by Microsoft’s staff and patched last week in the May 2021 Patch Tuesday.
Article Link: PoC released for wormable Windows IIS bug | The Record by Recorded Future