Microsoft HTTP/2 Server CVE-2019-9512 Denial of Service Vulnerability
Description
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Affected Applications
Windows 10
Windows Server 2016
Windows Server version 1803 (Server Core Installation)
Windows Server version 1903 (Server Core installation)
Windows Server 2019