Proof-of-concept exploit code has been released for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions. The bug, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack (http!UlpParseContentCoding) used by the Windows Internet Information Services (IIS) web server as a protocol listener for processing HTTP requests. Microsoft has patched the vulnerability during this month’s Patch Tuesday, and it impacts ONLY Windows 10 versions 2004/20H2.
Source: https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/