CVE-2013-3869

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description A denial of service issue exists due to improper handling of crafted X.509 certificates during validation. This can cause a web service to stop responding when it encounters a specially crafted X.509 certificate. The issue arises from the failure of the X.509 certificate validation operation to handle such certificates correctly.

Recommendations For Microsoft Windows XP SP2 and SP3, apply the fix to handle X.509 certificates properly. For Microsoft Windows Server 2003 SP2, update the X.509 certificate validation operation. For Microsoft Windows Vista SP2, ensure proper handling of crafted X.509 certificates. For Microsoft Windows Server 2008 SP2 and R2 SP1, apply the patch to fix the X.509 certificate parsing issue. For Microsoft Windows 7 SP1, update to a version that properly handles X.509 certificate validation. For Microsoft Windows 8, apply the fix for the denial of service vulnerability. For Microsoft Windows 8.1, ensure the X.509 certificate validation operation is updated. For Microsoft Windows Server 2012 Gold and R2, apply the patch to prevent the web service from stopping responding. For Microsoft Windows RT Gold and 8.1, update the X.509 certificate parsing to handle crafted certificates correctly.