The latest Microsoft security updates address a new critical flaw, CVE-2022-21907, in the HTTP protocol stack that could potentially lead to remote code execution. Microsoft recommends installing the latest security updates now to patch the flaw.
Successful exploitation requires threat actors to send maliciously crafted packets to targeted Windows servers, which use the vulnerable HTTP Protocol Stack for processing packets.
Currently there are no publicly available exploits for this critical flaw, nor is it under active exploitation.
Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. These systems are vulnerable only if HTTP Trailer Support has been enabled via the EnableTrailerSupport registry value.
Delete the DWORD registry value “EnableTrailerSupport” if present under:
This mitigation applies only to Windows Server 2019 and Windows 10 version 1809; it does not apply to Windows 20H2 and newer.
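
The mitigation above as a PowerShell check, added here as an example and not taken from Microsoft's advisory. The registry key path is not given on this page, so the script takes it as a `-KeyPath` parameter (a placeholder to fill in from the advisory); build number 17763 is the build shared by Windows Server 2019 and Windows 10 version 1809.

```powershell
# Added example: report and optionally delete EnableTrailerSupport on build 17763.
# The registry key path is NOT stated on this page; supply it from Microsoft's advisory.
param(
    [Parameter(Mandatory = $true)]
    [string]$KeyPath,   # placeholder, e.g. 'HKLM:\<key path from the Microsoft advisory>'
    [switch]$Remove     # without -Remove the script only reports what it finds
)

$ValueName = 'EnableTrailerSupport'
$Build1809 = 17763      # Windows Server 2019 and Windows 10 version 1809

# The registry mitigation is scoped to 1809 / Server 2019 only.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -ne $Build1809) {
    Write-Output "Build $build is not 1809/Server 2019: this mitigation does not apply here."
    return
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "Key '$KeyPath' not found: $ValueName is not set."
    return
}

# Get-Item on a registry path returns a Microsoft.Win32.RegistryKey object.
$key = Get-Item -LiteralPath $KeyPath
if ($key.GetValueNames() -notcontains $ValueName) {
    Write-Output "$ValueName is not present under '$KeyPath'."
    return
}

# Report the type and data before touching anything, so the change is auditable.
$kind = $key.GetValueKind($ValueName)
$data = $key.GetValue($ValueName)
Write-Output "$ValueName is present (type $kind, data $data)."

if ($Remove) {
    Remove-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction Stop
    Write-Output "$ValueName deleted."
} else {
    Write-Output "Re-run with -Remove to delete it."
}
```

Run it from an elevated prompt; without `-Remove` it changes nothing and can be used for inventory across hosts.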