Microsoft · Windows Server 2016 · CVE-2018-0956
**Name of the Vulnerable Software and Affected Versions**
Windows Server 2016
Windows 10
Windows 10 Servers
**Description**
The issue is related to the implementation of the HTTP 2.0 protocol in the HTTP.sys driver of Windows operating systems, which is associated with insufficient input validation. This can be exploited by a remote attacker using a specially crafted HTTP packet to cause a denial of service.
**Recommendations**
For Windows Server 2016, update to a version that includes the fix for this issue.
For Windows 10, update to a version that includes the fix for this issue.
For Windows 10 Servers, update to a version that includes the fix for this issue.