Microsoft published a security advisory on its Security Response Center which discloses that Windows Server and Windows 10 servers running Internet Information Services (IIS) are vulnerable to denial of service (DOS) attacks. The vulnerability described in Microsoft’s ADV190005 security advisory makes it possible for a potential remote attacker to trigger a DoS condition by taking advantage of an IIS resource exhaustion bug. Microsoft states in the advisory that there are no known mitigations or workarounds for the vulnerability reported by Gal Goldshtein of F5 Networks.
Source: https://www.bleepingcomputer.com/news/security/windows-servers-vulnerable-to-iis-resource-exhaustion-dos-attacks/