News Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes - Printable Version +- Red Security (https://redsecurity.info/cc) +-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1) +--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4) +--- Thread: News Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes (/showthread.php?tid=955)

Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes - Mad-Architect - 02-21-2019         Microsoft recently sent out a security advisory in regards to a DDOS attack that was targeting its IIS [Internet Information Services] Microsoft's web server technology. Microsoft stated that their IIS servers had been shipped with a vulnerability that was hampering the processing of HTTP/2 requests.      HTTP/2 is the latest in the line of HTTP protocols that underpins what is known as the world wide web. Microsoft stated that the IIS server's incorrectly processing their HTTP/2 requests lead to CPU usage spikes that reached 100%, henceforth, slowing and halting the entire system.      In the advisory, Microsoft stated thus:      The HTTP/2 specification allows clients to specify any number of SETTINGS frames with any number of SETTINGS parameters. In some situations, excessive settings can cause services to become unstable and may result in a temporary CPU usage spike until the connection timeout is reached and the connection is closed.     As of the writing of this article, all bugs and holes, according to vendors, both 1st and 3rd party, have been patched.       Original article can be found here.       That was the news folks, have a good week, and stay safe out there.       ---Mad-Architect