Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

HTTP.sys vulnerability could allow denial of service


Report ID: MS201305003
Date Published: 15 May 2013

Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote


Affected Product/Component:

Windows 8
Windows Server 2012
Windows RT




Summary

A vulnerability in Windows caused by improper handling of a malicious HTTP header could lead to denial of service condition.



Detailed Description

Microsoft has issued a security update to address a vulnerability affecting Windows 8 and Windows Server 2012. The vulnerability resulted when malicious HTTP headers are improperly handled, and it could cause the affected system to stop responding.

This issue has been resolved through the update by correcting the way that HTTP protocol stack (HTTP.sys) handles HTTP headers. Users are recommended to install the latest update to their system as a protection measure against possible exploit attemtps.



CVE Reference

CVE-2013-1305



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-039)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.