CVE-2018-0956 Explained : Impact and Mitigation

A vulnerability in the HTTP 2.0 protocol stack (HTTP.sys) can result in a denial of service on Windows Server 2016, Windows 10, and Windows 10 Servers.

Understanding CVE-2018-0956

What is CVE-2018-0956?

The CVE-2018-0956 vulnerability is a denial of service issue caused by HTTP.sys improperly handling specially crafted HTTP 2.0 requests.

The Impact of CVE-2018-0956

This vulnerability can be exploited to trigger a denial of service condition on affected Windows systems, potentially disrupting services and causing system unavailability.

Technical Details of CVE-2018-0956

Vulnerability Description

The vulnerability arises from the incorrect processing of specific HTTP 2.0 requests by HTTP.sys, leading to a denial of service risk.

Affected Systems and Versions

Windows Server 2016 (Server Core installation)
Windows 10 (32-bit Systems, Versions 1511, 1607, 1703, 1709, x64-based Systems)
Windows 10 Servers (Version 1709, Server Core Installation)

Exploitation Mechanism

Attackers can exploit this vulnerability by sending specially crafted HTTP 2.0 requests to the affected systems, causing HTTP.sys to fail and resulting in a denial of service.

Mitigation and Prevention

Immediate Steps to Take

Apply the necessary security updates provided by Microsoft promptly.
Implement network-level protections to filter out malicious HTTP requests.
Monitor network traffic for any suspicious activity that could indicate an ongoing attack.

Long-Term Security Practices

Regularly update and patch all systems to mitigate known vulnerabilities.
Employ intrusion detection and prevention systems to identify and block potential attacks.

Patching and Updates

It is crucial to install the security updates released by Microsoft to address the CVE-2018-0956 vulnerability and enhance the security posture of the affected systems.