Wednesday, February 21, 2024

Malicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to Spike to 100%

Microsoft Security advisory released a new flaw in IIS server that Microsoft
 the system CPU usage to spike to 100% when malicious HTTP/2 requests are sent to a Windows Server.

This malicious process will remain continually affected the CPU usage until the Malicious connection killed by the IIS server.

IIS is a web server created by Microsoft that supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP.

This potential vulnerability affected with both IIS software versions Windows 10 and Windows Server 2016.

HTTP/2 is a revised version of HTTP network protocol used by the World Wide Web and HTTP/2 is the first new version of HTTP since HTTP 1.1.

In this case, Microsoft said ” The HTTP/2 specification allows clients to specify any number of SETTINGS frames with any number of SETTINGS parameters. In some situations, excessive settings can cause services to become unstable and may result in a temporary CPU usage spike until the connection timeout is reached and the connection is closed. “

Microsoft released the security updates for this flaw under the impact of “Defense in Depth

Microsoft didn’t revealed any technical information about this bug and Microsoft added the ability to define a threshold on the number of HTTP/2 SETTINGS included in a request.

So once the update will be taking effect, IIS administrators will be able to customize HTTP/2 SETTINGS in order to prevent it from the malicious request and avoid the rising of CPU spike to 100%.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Around 8 million websites affected by a critical Buffer Overflow Vulnerability resides in IIS 6.0

Most Important Web Server Penetration Testing Checklist

Rising Threats in CyberSpace – Organizations Must be Prepared to Experience


Website

Latest articles

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

New Mingo Malware Attacking Linux Redis Servers To Mine Cryptocurrency

The malware, termed Migo by the creators, attempts to infiltrate Redis servers to mine cryptocurrency on...

Security Onion 2.4.50 Released for Defenders With New Features

Security Onion Solutions has recently rolled out the latest version of its network security...

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin...

LockBit Ransomware Members Charged by Authorities, Free Decryptor Released

In a significant blow to one of the most prolific ransomware operations, authorities from...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles