The vulnerability allows an unauthenticated attacker to remotely execute code as kernel. By sending a specially crafted packet to an affected server, an attacker can target a server utilizing the HTTP Protocol Stack (http.sys) to process packets. Windows 10 is also configured as a web server, so it is impacted as well.
Remote Code Execution
Visit the vendor website for more details, patches, and mitigation techniques. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166