A QUIC Shutdown: DoS Vulnerability in Windows Servers Running SMB over QUIC

Ben Barnea is a Security Researcher at Akamai with interest and experience in conducting low-level security research and vulnerability research across various architectures, including Windows, Linux, IoT, and mobile. He enjoys learning how complex mechanisms work and, more important, how they fail.

Executive summary

- Akamai researcher Ben Barnea found an important vulnerability in Microsoft Windows Server 2022, which was assigned CVE-2023-24898 with a base score of 7.5.
- The vulnerability lies in a missing check in a buffer allocation in the srvnet.sys driver.
- The vulnerability may lead to remote denial-of-service (DoS) attacks against Windows Server 2022 machines. The vulnerability can be triggered by an unauthenticated attacker over the internet.
- Only servers that use SMB over QUIC, a relatively new feature, are vulnerable.…