The HTTP/2 "Rapid Reset" (CVE-2023-44487) is a DoS vulnerability in the HTTP/2 protocol used by webservers.
For SaaS customers:
- AWS have implemented infrastructure-level protection against it.
- Microsoft have also released OS patches and all SaaS servers have been updated.
For On-Premise customers:
- Enterprise servers are configured to have HTTP/2 disabled by default.
- We still recommend that customers follow standard Microsoft best practices of having your servers up to date with the latest Windows updates, even if your Enterprise system is not accessible from the internet.
As a result no direct action is required from customers beyond on-premise users continuing to keep their servers up to date whether they are internet-exposed or not.
If you have additional questions after reviewing this notice, please contact Tech Support