diff --git a/release-notes/2.2/2.2.4/2.2.4.md b/release-notes/2.2/2.2.4/2.2.4.md index e8917ff6..a0826d73 100644 --- a/release-notes/2.2/2.2.4/2.2.4.md +++ b/release-notes/2.2/2.2.4/2.2.4.md @@ -56,6 +56,13 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo .NET Core 2.2.4 release carries both security and non-security fixes. +### Microsoft Security Advisory CVE-2019-0815: ASP.NET Core denial of service vulnerability + +[aspnet/Announcements#352](https://github.com/aspnet/Announcements/issues/352) + +Microsoft is releasing this security advisory to provide information about a vulnerability in public ASP.NET Core 2.2. This advisory also provides guidance on what developers can do to update their applications correctly. +Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests. + ### Additional fixes in this release * [CoreCLR](https://github.com/dotnet/coreclr/issues?utf8=%E2%9C%93&q=milestone%3A2.2.4+label%3Aservicing-approved) * [CoreFX](https://github.com/dotnet/corefx/issues?utf8=%E2%9C%93&q=milestone:2.2.4+label:servicing-approved)
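Review bot: The added advisory text states the affected scope two different ways, "a vulnerability in public ASP.NET Core 2.2" in the first paragraph and "all public versions of ASP.NET Core" in the second, so a reader cannot tell which versions need the update. Pick one and state it consistently. In the second paragraph, "a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service" has a doubled verb and lacks a comma after "(IIS)", and IIS expands to Internet Information Services, not "Internet Information Server". Suggested wording: "if an application is hosted on Internet Information Services (IIS), a remote unauthenticated attacker can use a specially crafted request to cause a denial of service." The two "Microsoft is…" lines are added with no blank line between them, so Markdown will render them as a single paragraph; add an empty line if two paragraphs are intended. The first paragraph also promises guidance on how developers can update their applications, but the section gives none beyond the aspnet/Announcements#352 link, so either say that the guidance is in the linked announcement or drop that sentence.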