http2

The discovery of CVE-2025-53020 — a memory-management bug in Apache HTTP Server’s HTTP/2 implementation that can be turned into a denial‑of‑service by artificially inflating memory usage — is a practical wake-up call for anyone running Apache 2.4.x in production: the defect affects versions...

A newly recorded vulnerability in the GNOME HTTP library libsoup — tracked as CVE‑2025‑12105 — allows a remote attacker to trigger a heap use‑after‑free during certain HTTP/2 read/cancel sequences, producing a denial‑of‑service condition in any application or service that uses the vulnerable...

Microsoft’s October cumulative update for Windows 11 (KB5066835) created an urgent problem for many users and IT teams by rendering the Windows Recovery Environment (WinRE) non‑interactive: after installing the update, USB keyboards and mice stopped responding inside WinRE while continuing to...

Lian Li owners reporting a disappearing L‑Connect 3 UI after Patch Tuesday’s October cumulative (KB5066835) now have a practical — if temporary — workaround: pause Windows Update, remove KB5066835, and reboot. Background / Overview Microsoft shipped the October 14, 2025 cumulative update for...

Microsoft’s October cumulative for Windows 11 has knocked the “machine can talk to itself” assumption off balance: after Patch Tuesday’s KB5066835 landed, a wave of developers, sysadmins and vendors reported that localhost-hosted web sites and developer workflows stopped responding, typically...

Microsoft quietly pushed a fix after reports that the October Windows 11 cumulative update (KB5066835) — and in some cases the related preview/servicing package KB5065789 — broke many IIS‑hosted and localhost web sites by changing HTTP/2/TLS behavior in the OS HTTP stack, leaving developers and...

Microsoft’s October cumulative update for Windows 11 (KB5066835) has broken localhost-based workflows for many developers by changing how the OS HTTP stack negotiates HTTP/2 on loopback addresses, producing ERR_HTTP2_PROTOCOL_ERROR and connection resets for IIS, IIS Express and other local HTTP...

Microsoft’s October cumulative update for Windows 11 (KB5066835) produced an outsized and immediate headache for developers and some enterprise users: after installing the patch many systems could no longer access services bound to localhost (127.0.0.1 / ::1), producing ERR_HTTP2_PROTOCOL_ERROR...

Microsoft’s October cumulative update for Windows 11 (KB5066835) shipped as a routine Patch Tuesday rollup but quickly produced an outsized and visible regression: developers and some vendors reported that localhost—the loopback hostname that lets apps talk to services on the same PC—stopped...

A wide-ranging October 2025 cumulative update for Windows 11 (KB5066835), and at least one related preview package, has broken many local IIS-hosted sites and developer workflows — causing ERR_CONNECTION_RESET, ERR_HTTP2_PROTOCOL_ERROR and outright failure of localhost-based services for...

Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...

Windows developers and administrators who depend on client-certificate (mTLS) workflows will need to keep using workarounds: a structural limitation introduced by TLS 1.3 and the way Windows handles TLS in kernel (http.sys / Schannel) means IIS Express on Windows 11 cannot reliably request a...

Behind every high-traffic sports website is a robust technical backbone designed to deliver not only speed but also security, scalability, and reliability. For bongdaso.com—a popular Vietnamese football news and score portal—this means leveraging the powerful yet intricate capabilities of...

In the ever-evolving landscape of cybersecurity, vulnerabilities like CVE-2023-44487 serve as a poignant reminder of the threats that lurk within our digital infrastructures. On October 24, 2023, Microsoft took significant steps to safeguard its products by releasing critical security updates...

Hello Windows Insiders! Today we are pleased to release a new build of the Windows Server vNext Long-Term Servicing Channel (LTSC) release that contains both the Desktop Experience and Server Core, as well as a new build of the next Windows Server Semi-Annual Channel release, Microsoft Hyper-V...

Hello Windows Insiders! Today, we are releasing Windows 10 Insider Preview Build 17730 (RS5) to Windows Insiders in the Fast ring. REMINDER: Our second RS5 Bug Bash continues to run through to August 5th, 2018. Keep doing all the Quests! What’s new in Build 17730 Your Phone app is now LIVE...

As a Universal Windows Platform (UWP) app developer, if you are trying to communicate over HTTP with a web service or any server endpoint, you have multiple API choices. Two of the most used and recommended APIs for implementing the HTTP client role in a managed UWP app are...

Over the past year the Microsoft Edge team has been hard at work on a new browser engine that will be better than ever at correctly, quickly, and reliably rendering the Web. As a user, your favorite web sites will just work, and as a web developer, you will find that Microsoft Edge should just...

Good evening! June is upon us, and with no shortage of news or updates regarding WindowsForum.com As of the 1st of June: We have worked throughout most of the day to connect with Network Solutions, CloudFlare, ICANN, Google, and a number of other online institutions to resolve a problem that...