Skip to main content

Microsoft Internet Information Services (IIS) Denial Of Service Vulnerability

Last Update Date: 22 Feb 2019 10:46 Release Date: 22 Feb 2019 4891 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Microsoft Internet Information Services (IIS), a remote attacker can exploit this vulnerability to send a HTTP/2 crafted packet, which can cause Denial of Service condition on targeted system.


Impact

  • Denial of Service

System / Technologies affected

  • Windows 10 (versions 1607, 1703, 1709, and 1803)
  • Windows Server 2016
  • Windows Server Version 1709
  • Windows Server Version 1803

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued security updates for the products.
  • After applying the updates, IIS administrators need to configure the HTTP/2 limitation of threshold.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link