CVE-2014-1811

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description The issue allows remote attackers to cause a denial of service, resulting in non-paged pool memory consumption and system hang, via malformed data in the Options field of a TCP header. This can be achieved by forming TCP packets with incorrect data in the "Options" field of the TCP header.

Recommendations For Microsoft Windows Vista SP2, consider applying configuration changes to mitigate the risk of exploitation. For Microsoft Windows Server 2008 SP2 and R2 SP1, restrict access to the TCP protocol to minimize the risk of denial of service. For Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, avoid using the Options field in the TCP header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.