Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are already under active attack, as well as addressing an HTTP/2 weakness that has also been exploited in the wild. That last one – tracked as CVE-2023-44487 aka Rapid Reset – is an HTTP/2 protocol vulnerability that has been abused since August to launch massive distributed denial of service (DDoS) attacks.

Source: The Register