Microsoft Security Response Center δημοσίευσε χθες μια προειδοποίηση ασφαλείας για ένα πρόβλημα άρνησης παροχής υπηρεσιών (DOS) που έχει επιπτώσεις στην τεχνολογία IIS (Internet Information Services), την τεχνολογία που χρησιμοποιούν οι web servers της Microsoft.
According to Microsoft, IIS servers running Windows 10 and Windows Server 2016 are affected by vulnerabilities when processing HTTP / 2 requests.
HTTP / 2 is the latest version of the HTTP protocol supported by the World Wide Web (www), the part of the Internet that normal users can access through browsers.
Microsoft reports that IIS servers processing HTTP/2 requests can cause CPU usage to reach 100%, slowing down the entire system.
Gal Goldshtein, a software engineer at F5 Networks, was the one who discovered the problem It's worth mentioning that except of the safety warning ADV190005 released by Microsoft, to date no other information is available on this vulnerability.
Cumulative updates KB4487006, KB4487011, KB4487021 and KB4487029 released two days ago are supposed to fix the error of the IIS service we mentioned above.
According to the company, after the updates are implemented, IIS administrators will be able to adjust the HTTP / 2 request threshold and prevent the error caused by IIS freezing and a vertical increase in system CPU resources.
"Limits must be set by the IIS administrator," the company said, "not set by Microsoft."
_________________