Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
#1
[Image: Microsoft10.jpg]



        Microsoft recently sent out a security advisory in regards to a DDOS attack that was targeting its IIS [Internet Information Services] Microsoft's web server technology. Microsoft stated that their IIS servers had been shipped with a vulnerability that was hampering the processing of HTTP/2 requests. 

    HTTP/2 is the latest in the line of HTTP protocols that underpins what is known as the world wide web. Microsoft stated that the IIS server's incorrectly processing their HTTP/2 requests lead to CPU usage spikes that reached 100%, henceforth, slowing and halting the entire system. 

    In the advisory, Microsoft stated thus: 

    The HTTP/2 specification allows clients to specify any number of SETTINGS frames with any number of SETTINGS parameters. In some situations, excessive settings can cause services to become unstable and may result in a temporary CPU usage spike until the connection timeout is reached and the connection is closed.


    As of the writing of this article, all bugs and holes, according to vendors, both 1st and 3rd party, have been patched. 

     Original article can be found here.


      That was the news folks, have a good week, and stay safe out there.


      ---Mad-Architect


    
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Zoom adds Two-factor authentication (2FA) as extra layer of security News 1 94 Yesterday, 05:04 AM
Last Post: JJAskiz
Star News Homeland Security Issues Urgent Windows Security Warning Over Zerologon Exploit News 0 80 09-21-2020, 09:26 AM
Last Post: News
Star News Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution - CXSecu News 0 89 09-18-2020, 08:12 AM
Last Post: News
Star News Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform News 0 148 08-26-2020, 03:41 AM
Last Post: News
Brick News Website Security Breach Exposes 1 Million DNA Profiles Mr.Kurd 0 195 07-25-2020, 10:25 PM
Last Post: Mr.Kurd
Exclamation News Does TikTok Really Pose a Risk to US National Security? Mr.Kurd 0 166 07-25-2020, 10:13 PM
Last Post: Mr.Kurd
Big Grin News Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites Mr.Kurd 0 207 07-08-2020, 10:13 AM
Last Post: Mr.Kurd
Star News Microsoft Edge Now Alerts Users Of Breached Passwords Mr.Kurd 0 406 04-03-2020, 08:09 AM
Last Post: Mr.Kurd
Rainbow News Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi Mr.Kurd 0 410 03-26-2020, 09:03 AM
Last Post: Mr.Kurd
Exclamation News Hackers Exploiting 2 Unpatched Windows 0-Day Vulnerabilities in Wide – Microsoft Warn Mr.Kurd 0 665 03-24-2020, 07:56 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)