hackerbrother

Learn Penetration Testing And Ethical Hacking Online.

facebook

  • Facebook
  • Popular Posts

    Windows IIS
    Microsoft issued a security advisory which reveals that Windows Server and Windows 10 servers running Internet Information Services (IIS) are vulnerable to denial of service (DOS) attacks.
    To be more exact, all IIS servers running Windows Server 2016, Windows Server version 1709, Windows Server version 1803, as well as Windows 10 (versions 1607, 1703, 1709 and 1803) are affected by this DoS problem.
    The vulnerability described in Microsoft's ADV190005 security warning makes it possible for a potential remote attacker to activate a DoS condition by taking advantage of an IIS resource depletion error that "could cause the system's CPU usage to increase to 100% until it is eliminate malicious connections through IIS. " Malicious actors can launch DoS attacks against vulnerable Windows servers by sending HTTP / 2 requests created for malicious purposes.
    Microsoft indicates in the notice that there are no known solutions or solutions for the vulnerability notified by Gal Goldshtein of F5 Networks , and recommends that all users install security updates, for the systems listed in the table below.
    Product                                                                               Notice
    Windows 10 Version 1607 for 32-bit Systems                       4487006
    Windows 10 Version 1607 for x64-based Systems               4487006
    Windows 10 Version 1703 for 32-bit Systems                       4487011
    Windows 10 Version 1703 for x64-based Systems               4487011
    Windows 10 Version 1709 for 32-bit Systems                       4487021
    Windows 10 Version 1709 for 64-based Systems                 4487021 
    Windows 10 Version 1709 for ARM64-based Systems         4487021 
    Windows 10 Version 1803 for 32-bit Systems                       4487029 
    Windows 10 Version 1803 for ARM64-based Systems         4487029 
    Windows 10 Version 1803 for x64-based Systems               4487029
    Windows Server 2016                                                           4487006
    Windows Server 2016 (Server Core installation)                  4487006 
    Windows Server, version 1709 (Server Core Installation)    4487021
    Windows Server, version 1803 (Server Core Installation)    4487029

    As detailed by Microsoft in its security notice ADV190005:
    The HTTP/2 specification allows clients to specify any number of SETTINGS frames 
    with any number of SETTINGS parameters. In some situations, excessive settings can 
    cause services to become unstable and may result in a temporary CPU usage spike until 
    the connection timeout is reached and the connection is closed.
    As a mitigation measure, the Redmond security team "added the ability to define thresholds in the amount of HTTP / 2 CONFIGURATIONS included in a request", the threshold levels that IIS administrators must configure after assessing their environment. systems and HTTP / 2 Protocol requirements, since they will not be preconfigured by Microsoft.

    To set these limits, Microsoft added the following registry entries in the vulnerable versions of Windows 10:
    Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
    Name: Http2MaxSettingsPerFrame
    Type: DWORD
    Data: Supported min value 7 and max 2796202. Out of range values trimmed to corresponding min/max end value.
    
    Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
    Name: Http2MaxSettingsPerMinute
    Type: DWORD
    Data: Supported min value 7. Smaller value trimmed to the min value. 
    Once the thresholds are set on a Windows system running IIS, the connections will be removed immediately:
    If a single configuration frame contains more configuration parameters than the value "Http2MaxSettingsPerFrame" 
    If the number of configuration parameters contained in multiple configuration frames received in a minute crosses the value "Http2MaxSettingsPerMinute" 
    It is also important to note that, according to Microsoft , a restart of the service or a restart of the server may be necessary for the newly added registry values ​​to be read.
    Windows servers that are running have been previously exploited by attackers with the help of a zero day in IIS 6.0 that affects the WebDAV service included by default in all IIS distributions, between July 2016 and March 2017.

    0 Comments