Eng en

Select Country or Region

Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

You are here: Threats Vulnerability protection Microsoft HTTP.sys vulnerability could allow denial of service

Vulnerability protection

HTTP.sys vulnerability could allow denial of service


Report ID: MS201305003
Date Published: 15 May 2013

Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote

Affected Product/Component:

Windows 8
Windows Server 2012
Windows RT




Summary

A vulnerability in Windows caused by improper handling of a malicious HTTP header could lead to denial of service condition.



Detailed Description

Microsoft has issued a security update to address a vulnerability affecting Windows 8 and Windows Server 2012. The vulnerability resulted when malicious HTTP headers are improperly handled, and it could cause the affected system to stop responding.

This issue has been resolved through the update by correcting the way that HTTP protocol stack (HTTP.sys) handles HTTP headers. Users are recommended to install the latest update to their system as a protection measure against possible exploit attemtps.



CVE Reference

CVE-2013-1305



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-039)



Source

Microsoft Security Bulletin MS13-039



F-Secure Health Check

F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.



Health Check

 
Evaluate your computer's security and see recommended updates for popular programs.

 

Try it

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.

 

Read F-Secure advisories