Microsoft Windows 'HTTP.sys' Denial Of Service Vulnerability (2829254) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-039.

Impact

Successful exploitation will allow remote attackers to trigger an infinite loop and cause denial of service condition. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms13-039

Insight

Flaw is due to an error within the HTTP protocol stack (HTTP.sys) when handling HTTP headers.

Affected

Microsoft Windows 8 Microsoft Windows Server 2012

References

http://support.microsoft.com/kb/2829254
http://www.securelist.com/en/advisories/53340
https://technet.microsoft.com/en-us/security/bulletin/ms13-039

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1305

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
Microsoft Windows Local Procedure Call Local Privilege Escalation Vulnerability (2898715)
Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)
Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)

Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)

Take action and discover your vulnerabilities