https://msrc.microsoft.com/update-gu...CVE-2022-21907

For anyone that uses Server 2019 or 2022, Microsoft has released a special patch for a specific vulnerability that is only present in very specific circumstances.

As was stated at sans.edu, even if you do not have IIS enabled, since it affects http.sys it could be exploited in situations where remote management or web services for devices is enabled.
https://isc.sans.edu/diary/A+Quick+C...1907+FAQ/28234

Keep in mind these are only very specific cases, and I have verified that even default installs with default IIS installs do not have the affected services enabled, nor the registry key.

Rick
Universal4