An HTTP exploit is being used for DDoS attacks.
This means that while patching efforts are well underway, fixes will need to essentially reach every web server globally before these attacks can be fully stamped out.
Dubbed “HTTP/2 Rapid Reset,” the vulnerability can only be exploited for denial of service—it doesn’t allow attackers to remotely take over a server or exfiltrate data.
This is fine.