31 C
Jaipur
Thursday, October 29, 2020

Malicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to Spike to 100%

Must read

America And Social Media Sites Have A Love-Hate Relationship

The U.S. is the birthplace of many of the major media sites we use today. Still, the American population shares a love-hate relationship with...

Microsoft Security advisory released a new flaw in IIS server that Microsoft
the system CPU usage to spike to 100% when malicious HTTP/2 requests are sent to a Windows Server.

This malicious process will remain continually affected the CPU usage until the Malicious connection killed by the IIS server.

IIS is a web server created by Microsoft that supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP.

This potential vulnerability affected with both IIS software versions Windows 10 and Windows Server 2016.

HTTP/2 is a revised version of HTTP network protocol used by the World Wide Web and HTTP/2 is the first new version of HTTP since HTTP 1.1.

In this case, Microsoft said ” The HTTP/2 specification allows clients to specify any number of SETTINGS frames with any number of SETTINGS parameters. In some situations, excessive settings can cause services to become unstable and may result in a temporary CPU usage spike until the connection timeout is reached and the connection is closed. “

Microsoft released the security updates for this flaw under the impact of “Defense in Depth

Microsoft didn’t revealed any technical information about this bug and Microsoft added the ability to define a threshold on the number of HTTP/2 SETTINGS included in a request.

So once the update will be taking effect, IIS administrators will be able to customize HTTP/2 SETTINGS in order to prevent it from the malicious request and avoid the rising of CPU spike to 100%.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

America And Social Media Sites Have A Love-Hate Relationship

The U.S. is the birthplace of many of the major media sites we use today. Still, the American population shares a love-hate relationship with...