Monday, February 10, 2025
HomeComputer SecurityMalicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to...

Malicious HTTP/2 Requests on IIS Server Cause The System CPU Usage to Spike to 100%

Published on

SIEM as a Service

Follow Us on Google News

Microsoft Security advisory released a new flaw in IIS server that Microsoft
 the system CPU usage to spike to 100% when malicious HTTP/2 requests are sent to a Windows Server.

This malicious process will remain continually affected the CPU usage until the Malicious connection killed by the IIS server.

IIS is a web server created by Microsoft that supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP.

This potential vulnerability affected with both IIS software versions Windows 10 and Windows Server 2016.

HTTP/2 is a revised version of HTTP network protocol used by the World Wide Web and HTTP/2 is the first new version of HTTP since HTTP 1.1.

In this case, Microsoft said ” The HTTP/2 specification allows clients to specify any number of SETTINGS frames with any number of SETTINGS parameters. In some situations, excessive settings can cause services to become unstable and may result in a temporary CPU usage spike until the connection timeout is reached and the connection is closed. “

Microsoft released the security updates for this flaw under the impact of “Defense in Depth

Microsoft didn’t revealed any technical information about this bug and Microsoft added the ability to define a threshold on the number of HTTP/2 SETTINGS included in a request.

So once the update will be taking effect, IIS administrators will be able to customize HTTP/2 SETTINGS in order to prevent it from the malicious request and avoid the rising of CPU spike to 100%.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Around 8 million websites affected by a critical Buffer Overflow Vulnerability resides in IIS 6.0

Most Important Web Server Penetration Testing Checklist

Rising Threats in CyberSpace – Organizations Must be Prepared to Experience


Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to...

Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites

In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to...