Denial of Service Vulnerability in Microsoft Windows Products
CVE-2013-3869

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows Rt
Vendor: CVE Published:; 13 November 2013

Summary

This vulnerability in Microsoft Windows allows remote attackers to trigger a denial of service condition by sending a specially crafted web-service request that contains a malformed X.509 certificate. This insufficient handling during certificate validation can lead to a daemon hang, impairing the availability of affected systems and exposing users to further risks. This issue affects multiple versions of Microsoft Windows, creating a broad impact across various deployments.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/ncas/alerts/TA13-317A

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 13, 2013
Vulnerability Reserved
Jun 3, 2013