View all Worklets
Windows

Windows - Security - Mitigate HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487)

Mitigates HTTP/2 Rapid Reset Attack Vulnerability CVE-2023-44487

Worklet Details

Introduction to the Powershell-based Windows - Security - Mitigate HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) Worklet

The Powershell-based Worklet titled "Windows - Security - Mitigate HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487)" is a preventive script against a potential security threat. 

This Worklet focuses on mitigating a specific vulnerability in the HTTP/2 protocol, designated as CVE-2023-44487. This vulnerability could allow an attacker to disrupt services on a web server via rapid reset attacks. 

The Worklet mitigates the vulnerability by modifying key registry values and disabling the HTTP/2 protocol on the web server until the updates can be installed.

Why would you use the Mitigate HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) Worklet?

The purpose of this Worklet is to provide an efficient solution for system administrators to secure their systems against a potential HTTP/2 Rapid Reset Attack. Until the updates addressing this vulnerability are installed, this Worklet acts as a crucial line of defense by disabling the HTTP/2 protocol on the web server.

Components of the Mitigate HTTP/2 Rapid Reset Attack Vulnerability ( CVE-2023-44487) Worklet

The key components of this Worklet are the built-in functions: Test-Registry and Set-Registry. The Test-Registry function checks for the current registry configuration against the desired state. If the conditions are not met, the function flags the device for remediation. 

The Set-Registry function ensures the desired registry configuration is set correctly. Both functions work cohesively to ensure the device is compliant with the desired state.

How does the Mitigate HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) Worklet work?

The Worklet operates by first defining the desired registry configuration for 'EnableHttp2TIs' and 'EnableHttp2Cleartext'. With the configuration set, the Test-Registry function checks the current system registry against the desired state. If the current system registry doesn't match the desired state, the system is flagged for remediation. The Set-Registry function then runs to ensure the device registry configuration aligns with the desired state.

What is the expected outcome when you use the Windows - Security - Mitigate HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) Worklet?

Upon successful execution of this Worklet, the HTTP/2 protocol on the web server should be disabled, thereby mitigating the HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487). If the registry configuration of the device does not align with the desired state, the device will be flagged for remediation.

This Worklet aims to secure systems by adhering to Microsoft's recommended mitigation steps for this specific vulnerability until a time where the update can be installed. 

View in app

Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

do more with worklets