

Vulnerability protection

Open Data protocol vulnerability could allow denial of service


Report ID: MS201301007
Date Published: 10 January 2013

Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012




Summary

A vulnerability in the Open Data (OData) specification could cause a server or a service to stop responding and restart.



Detailed Description

Microsoft has released a security update following the report of a vulnerability in the Open Data (OData) protocol that arises when Windows Communication Foundation (WCF) fails to properly sanitize specially crafted values. An attacker could exploit this condition to perform a denial-of-service attack, making sites that use .NET WCF Services inaccessible.

The vulnerability has been fixed in the latest security update by turning off the WCF Replace function by default. Users are recommended to install the update as a protection measure against potential exploit attempts.



CVE Reference

CVE-2013-0005



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-007


