Microsoft CVE-2018-0956: HTTP/2 Server Denial of Service Vulnerability
Description
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Solution(s)
- msft-kb4093107-08089676-57b7-4989-a27a-3759fa8d6293
- msft-kb4093107-50d58037-2bcc-4a70-88ee-08807c15d7c1
- msft-kb4093109-98ac416f-e0b8-4ced-9de8-d229b75b4d7a
- msft-kb4093109-a4bfa4a8-f44e-4592-86ec-e8d606a3834a
- msft-kb4093111-8d8e864a-f255-490d-98b0-4a825a5cae59
- msft-kb4093111-d5034640-e881-4563-bfe3-d0c3fc27fa1e
- msft-kb4093112-7a639cb5-17a8-47d3-8879-3a2827b51b56
- msft-kb4093112-7dd55f48-a1f3-4945-80c1-5ce237a6a28d
- msft-kb4093112-936c76bd-d063-4f5c-82d9-7fb5dcbf720d
- msft-kb4093119-6dff2995-bf8d-4ef1-81b1-c1bc64b59b80
- msft-kb4093119-74292a2d-143e-450b-bdff-d56ac8c86c4f
- msft-kb4093119-d00807b9-f15f-4e04-a1f3-b94cd2d3f66a
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center