HTTP.sys vulnerability could allow denial of service
Report ID: MS201305003
Date Published: 15 May 2013
Compromise Type: denial-of-service
Compromise From: remote
Windows Server 2012
A vulnerability in Windows caused by improper handling of a malicious HTTP header could lead to denial of service condition.
Microsoft has issued a security update to address a vulnerability affecting Windows 8 and Windows Server 2012. The vulnerability resulted when malicious HTTP headers are improperly handled, and it could cause the affected system to stop responding.
This issue has been resolved through the update by correcting the way that HTTP protocol stack (HTTP.sys) handles HTTP headers. Users are recommended to install the latest update to their system as a protection measure against possible exploit attemtps.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-039)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.