#dos

### Summary Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. ### PoC Coming soon. ### Impact This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty values should not be allowed.

Microsoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to…

More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted messages to the MSMQ service, which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

**According to the CVSS metrics, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?** An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Windows Deployment Services functionality.