Date: October 11, 2023
This Alert is intended for IT professionals and managers.
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
The Cyber Centre is aware of industry researchFootnote 1Footnote 2Footnote 3 regarding a recent vulnerabilityFootnote 4 impacting HTTP/2, a version of the HTTP protocol most commonly used for webservers. Vulnerability CVE-2023-44487 leverages a flaw in HTTP/2 which results in an overload of a targeted web server with malformed requests, leading to a denial of service. Open source has reported that this vulnerability has been exploited in the wild.Footnote 1
On October 10, 2023, Microsoft published an article on the activity and has published patches for impacted systems.Footnote 5
This Alert is being published to raise awareness of CVE-2023-44487, to highlight the potential impact to organizations and to provide guidance for organizations who may be targeted by related malicious activity.
The Cyber Centre recommends organizations:
- Immediately patch affected systems when updates addressing this vulnerability become available.
- Enable web application firewall (WAF) rate limiting rules.Footnote 5
- Restrict internet access to your web applications based upon known malicious IP addresses or geographic location, where possible.Footnote 5
- Review and implement preventative actions outlined within the Cyber Centre’s guidance on protecting your organization against denial-of-service attacks.Footnote 6
- Review the Cybersecurity and Infrastructure Security Agency (CISA) published guidance for US agencies to aid in DDoS considerations including technical mitigation recommendations in responding to DDoS activity.Footnote 7
- Review industry research for additional recommendations.Footnote 1Footnote 2Footnote 3
In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security ActionsFootnote 8 with an emphasis on the following topics:
- Consolidate, monitor, and defend Internet gateways
- Isolate web-facing applications