1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

HTTP.sys vulnerability could allow denial of service

Report ID: MS201305003
Date Published: 15 May 2013

Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote

Affected Product/Component:

Windows 8
Windows Server 2012
Windows RT


A vulnerability in Windows caused by improper handling of a malicious HTTP header could lead to denial of service condition.

Detailed Description

Microsoft has issued a security update to address a vulnerability affecting Windows 8 and Windows Server 2012. The vulnerability resulted when malicious HTTP headers are improperly handled, and it could cause the affected system to stop responding.

This issue has been resolved through the update by correcting the way that HTTP protocol stack (HTTP.sys) handles HTTP headers. Users are recommended to install the latest update to their system as a protection measure against possible exploit attemtps.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-039)

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.