CVE-2013-1305

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Microsoft Windows Server 2012 versions prior to the fixed version Microsoft Windows RT versions prior to the fixed version

Description A denial of service issue exists due to improper handling of a malicious HTTP header by the HTTP protocol stack (HTTP.sys). This can be exploited by an attacker sending a specially crafted HTTP header to an affected Windows server or client, triggering an infinite loop in the HTTP protocol stack.

Recommendations For Microsoft Windows 8, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012, update to a version that includes the fix for this issue. For Microsoft Windows RT, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the HTTP protocol stack (HTTP.sys) to minimize the risk of exploitation.