MS.Windows.HTTP2.Resource.Loop.DoS

description-logoDescription

This indicates an attack attempt to exploit a Denial of Service Vulnerability in Microsoft Windows Server.
A remote, unauthenticated attacker can exploit this vulnerability on a Windows system running IIS. By sending a continuous steam of crafted HTTP/2 frames, the attacker can cause a significant resource exhaustion on the target server, and leading to a potential denial-of-service condition especially if a distributed network of source machines are employed.

affected-products-logoAffected Products

Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server version 1803 (Server Core Installation)
Microsoft Windows Server version 1903 (Server Core installation)

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9513

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-11-07 26.672 Sig Added
2019-10-23 14.709 Default_action:pass:drop
2019-10-04 14.700