Fortinet : Analysis of Microsoft CVE-2022-21907

02/16/2022 | 02:26pm EST
FortiGuard Labs Research

Affected Platforms: Windows Server 2022, Windows Server 2019, Windows 10
Impacted Users: Any organization with an affected Windows system
Impact: Denial of service to affected systems
Severity Level: High

On January 11th, 2022, Microsoft released a patch for CVE-2022-21907 as part of Microsoft's Patch Tuesday. CVE-2022-21907 attracted special attention from industry insiders due to the claim that the vulnerability is wormable. In this analysis we will look at the cause of the vulnerability and how attackers can exploit it.

CVE-2022-21907 is a remote code execution vulnerability in Windows' Internet Information Services (IIS) component. More specifically, it affects the kernel module inside http.sys that handles most of the IIS core operations. At a minimum, the vulnerability can lead to denial of service conditions on the victim's machine by crashing the operating system. It might also be possible to combine this vulnerability with another vulnerability to enable remote code execution.

We used Windows 2022 Server 10.0.20348.143 as the base of our analysis. IIS is also present on Windows 10. We also looked at the Windows 10 (2H 2021) http.sys and confirmed that the same vulnerable code path exists. However, since IIS is not enabled by default on Windows 10, the chance of Windows 10 systems being exploited is significantly lower.

First, we performed a binary diff between the vulnerable http.sys and the patched http.sys (10.0.20348.469). BinDiff compared the two binary files and highlighted the functions that had been modified. While a few functions were heavily modified, we were interested in two particular functions: http!UlpAllocateFastTracker() and http!UlFastSendHttpResponse().

(As an aside, we did our initial analysis on Windows 10 http.sys, and these two functions are the only ones patched on Windows 10.)

In http!UlpAllocateFastTracker(), we see the following differences:

Disclaimer

Fortinet Inc. published this content on 15 February 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 16 February 2022 19:25:05 UTC.

