Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166)
A specially crafted Http request targetting a vulnerable windows version will result into DOS attack. And the server will be rebooted with blue screen error. Http.sys is a windows kernel driver responsible for handling http requests and crafting a response for those. This vulnerable http.sys driver can't handle crafted "Accept-Encoding" header, and gets crashed. Resultantly, the server will reboot. On the blue screen, we can see error with "Stop Code: KERNEL SECURITY CHECK FAILED" This is a critical vulnerability with CVSS 9.8, easy to exploit.
Vulnerable windows versions: Windows 10, and Windows Server 2016 (20h2 and 2004 releases for both)
More Ref:
https://nvd.nist.gov/vuln/detail/CVE-2021-31166
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166