Endpoint Vulnerability

Microsoft IIS Server Tampering Vulnerability

Description

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. To exploit the vulnerability, an attacker would need to send a malformed HTTP request to an affected server. The update addresses the vulnerability by modifying how IIS Server handles malformed request headers.

Affected Products

Windows RT 8.1,Windows Server, version 1903 (Server Core installation),Windows Server 2016,Windows Server, version 1803 (Server Core Installation),Windows Server 2012,Windows 8,Windows 7,Windows 10,Windows Server 2008,Windows Server, version 1909 (Server Core installation)

References

CVE-2020-0645,