QID 91934
Date Published: 2022-08-10
QID 91934: Microsoft Windows HTTP.sys Denial of Service (DoS) Vulnerability for August 2022
A Denial of Service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys)
The KB Articles associated with the update are:
5016681
5016683
5016672
5016684
5016622
5016616
5016627
5016623
QID Detection Logic (Authenticated):
This QID checks for the file version of http.sys.
In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the Server Name Indication (SNI) over HTTP Protocol Stack (http.sys) to process packets, causing a denial of service (DOS).
Solution
Please refer to the CVE-2022-35748 for more information pertaining to the vulnerability.
Vendor References
- CVE-2022-35748 -
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-35748
CVEs related to QID 91934
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| 5016616 |
support.microsoft.com/en-in/help/5016616 |
||
| 5016622 |
support.microsoft.com/en-in/help/5016622 |
||
| 5016623 |
support.microsoft.com/en-in/help/5016623 |
||
| 5016627 |
support.microsoft.com/en-in/help/5016627 |
||
| 5016672 |
support.microsoft.com/en-in/help/5016672 |
||
| 5016681 |
support.microsoft.com/en-in/help/5016681 |
||
| 5016683 |
support.microsoft.com/en-in/help/5016683 |
||
| 5016684 |
support.microsoft.com/en-in/help/5016684 |