Disable HTTP/2 on Windows servers to mitigate CVE-2023-44487 Rapid Reset vulnerability
This Automox Worklet™ disables HTTP/2 protocol support on Windows endpoints by setting two critical registry values to zero. The Worklet targets the HTTP.sys driver, which handles HTTP and HTTPS connections for Internet Information Services (IIS) and other web services.
The Worklet modifies the registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters by setting EnableHttp2Tls and EnableHttp2Cleartext values to 0. This disables HTTP/2 for both encrypted (TLS) and cleartext connections, effectively preventing rapid reset attacks while you deploy permanent security updates.
Microsoft's recommended approach is to disable HTTP/2 as an immediate mitigation. This Worklet automates that process, delivering consistent configuration across your server fleet without manual registry editing.
CVE-2023-44487 is a critical vulnerability in the HTTP/2 protocol that allows attackers to send specially crafted requests causing rapid stream resets. An attacker can exploit this to exhaust server resources, causing denial-of-service (DoS) conditions on your web endpoints.
Disabling HTTP/2 eliminates the attack surface while maintaining service availability. Endpoints fall back to HTTP/1.1, which is unaffected by this vulnerability. This approach provides immediate protection while you plan and deploy official security patches from Microsoft.
For internet-facing web servers, this mitigation prevents attackers from launching DoS attacks, protecting your infrastructure availability and maintaining uninterrupted service for your users.
Evaluation phase: The Worklet queries the registry to check if EnableHttp2Tls and EnableHttp2Cleartext are already set to 0. If either value is missing, has a different value, or the registry path does not exist, the endpoint is flagged for remediation.
Remediation phase: The Worklet creates the registry path if necessary and sets both EnableHttp2Tls and EnableHttp2Cleartext to 0 (DWORD type). This change takes effect immediately for new connections, though a reboot is recommended to allow all services to restart with the new configuration.
Windows Server 2012 R2 or later (Windows Server 2016, 2019, 2022)
Local administrator privileges on the endpoint
IIS, HTTP API, or other HTTP.sys-dependent services (can run safely on systems without HTTP services)
Reboot recommended after remediation to allow all web services to restart
FixNow compatible for immediate deployment during scheduled maintenance windows
After the Worklet runs successfully, the EnableHttp2Tls and EnableHttp2Cleartext registry values will be set to 0 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters. Web services will no longer accept HTTP/2 connections and will automatically negotiate HTTP/1.1 instead.
Your endpoints remain protected against CVE-2023-44487 until you deploy Microsoft's official security patches. After patching, you can re-enable HTTP/2 by setting the registry values back to 1 and rebooting. The Worklet is compatible with Microsoft's automated remediation processes once patches are available.
Run this Worklet on a pilot Windows endpoint and review evaluation output for mitigate http/2 rapid reset attack vulnerability ( cve-2023-44487 ).
Confirm Automox activity logs show successful completion and exit code 0.
Verify endpoint state using checks aligned to evaluation script logic, such as Test-Registry, Write-Verbose, Write-Error.
Validate remediation effects from script operations such as Test-Registry, Write-Verbose, Write-Error, then rerun evaluation for compliance.


By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

AUTOMOX + WORKLETS™
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy