Intrusion Prevention

MS.Windows.HTTP2.Data.Dribble.DoS

Description

This indicates an attack attempt to exploit a Denial of Service Vulnerability in Microsoft Windows Server.
A remote, unauthenticated attacker can exploit this vulnerability on a Windows system running IIS. By sending a continuous steam of crafted HTTP/2 frames, the attacker can cause a significant resource exhaustion on the target server, and leading to a potential denial-of-service condition especially if a distributed network of source machines are employed.

Affected Products

Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server version 1803 (Server Core Installation)
Microsoft Windows Server version 1903 (Server Core installation)

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9511

CVE References

CVE-2019-9511