A new proof of concept exploit has been released for CVE-2021-31166, a remote code execution vulnerability in Microsoft's HTTP Protocol Stack that is exploitable without authentication and according to Microsoft, wormable between HTTP services. This use after free vulnerability affects the HTTP.SYS component which handles the HTTP protocol stack, specifically the http!UlpParseContentCoding method.

Microsoft addressed this issue in their monthly security update collection released on May 11th, it is recommended to apply  updates to prevent security incidents from happening.