PT-2018-18497 · Microsoft · Windows Server 2016+2

Published

2018-06-12

Updated

2019-10-03

CVE-2018-8226

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Windows Server 2016 Windows 10 Windows 10 Servers

Description A denial of service issue exists due to improper parsing of specially crafted HTTP 2.0 requests in the HTTP.sys protocol stack. This allows attackers to affect the system.

Recommendations For Windows Server 2016, update the HTTP.sys protocol stack to a version that properly handles HTTP 2.0 requests. For Windows 10, update the HTTP.sys protocol stack to a version that properly handles HTTP 2.0 requests. For Windows 10 Servers, update the HTTP.sys protocol stack to a version that properly handles HTTP 2.0 requests.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-8226

Affected Products

Windows

Windows 10

Windows Server 2016

PT-2018-18497 · Microsoft · Windows Server 2016+2

CVE-2018-8226

Related Identifiers

Affected Products

References · 7