HTTP Protocol Stack Vulnerability (CVE-2022-21907)
Canon Medical Systems Security Advisory
Overview:
It was announced that there is security vulnerability that affects Windows HTTP Protocol Stack. A remote code execution vulnerability exists when an attacker sends a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. An attacker who successfully exploited this vulnerability could run arbitrary code.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
Vulnerability Overview:
An unauthenticated attacker could send a specially crafted packet to a targeted Windows system utilizing the HTTP Protocol Stack (http.sys) to process packets. The following Windows systems are affected by this vulnerability.
- Windows 10 Version 1809, 20H2, 21H1, 21H2
- Windows 11
- Windows Server 2019, 2022, 20H2
Possible Affected Canon Medical Systems Products:
Affected Canon Medical Systems Products
- None
Canon Medical Products under investigation
- None
- None
The following measures are effective in your network environment to prevent exploit of this security vulnerability.
- Block http/https ports at the Firewall appliance on the facilities network.
- http: 80/tcp
- https: 443/tcp
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
