Open Data protocol vulnerability could allow denial of service
Report ID: MS201301007
Date Published: 10 January 2013
Compromise Type: denial-of-service
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
A vulnerability in Open Data (OData) specification could cause a server or a service to stop responding and restart.
Microsoft has released a security update following the report of a vulnerability in the Open Data (OData) protocol which resulted when Windows Communication Foundation (WCF) fails to properly sanitize specially crafted values. An attacker could exploit this condition to perform denial of service attack and causes sites that use .NET WCF Services to be inaccessible.
The vulnerability issue has been fixed in the latest security update by turning off the WCF Replace function by default. Users are recommended to install the update as a protection measure against potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-007)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.