Introduction
Microsoft has released the security bulletin MS13-007. You can view the complete security bulletin by going to one of the following Microsoft websites:
-
Home users:http://www.microsoft.com/security/pc-security/bulletins/201301.aspx
-
IT professionals:http://technet.microsoft.com/security/bulletin/MS13-007
How to obtain help and support for this security update
Help installing updates: Support for Microsoft Update Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to your country: International Support
More Information
Known issues and additional information about this update
The default Replace canonical function could allow for a denial of service attack. Therefore, this security update disables the Replace canonical function. We recommend that you leave this functionality disabled unless other mitigations are used. For example, using authenticated access to the service or using a provider that is not vulnerable to nested Replace as an attack vector may reduce the risk of a denial of service attack. If you use other mitigations, you can restore Replace functionality by setting enable="true" in a configuration file, as shown in the following XML code example. It can also be restored in service code by setting the enable property to true in the DataServicesReplaceFunctionFeature class.
<?xml version="1.0" encoding="utf-8"?>
<configuration> <configSections> <sectionGroup name="wcfDataServices" type="System.Data.Services.Configuration.DataServicesSectionGroup"> <section name="features" type="System.Data.Services.Configuration.DataServicesFeaturesSection" /> </sectionGroup> </configSections> <wcfDataServices> <features> <replaceFunction enable="true" /> </features> </wcfDataServices> </configuration>
The following articles contain additional information about this update as it relates to individual product versions. The articles may contain information that is specific to the individual updates such as download URL, prerequisites, and command-line switches.
Microsoft .NET Framework 4
-
2736428Â MS13-007: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: January 8, 2013
Microsoft .NET Framework 3.5.1
-
2736422 MS13-007: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: January 8, 2013
-
2736418 MS13-007: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: January 8, 2013
Microsoft .NET Framework 3.5
-
2736693 MS13-007: Description of the security update for the .NET Framework 3.5 on Windows 8, Windows RT, and Windows Server 2012: January 8, 2013
Microsoft .NET Framework 3.5 Service Pack 1
-
2736416Â MS13-007: Description of the security update for the .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008: January 8, 2013
Microsoft Management OData IIS Extension
-
2753596 MS13-007: Description of the security update for the Management OData IIS Extension on Windows Server 2012: January 8, 2013
File name |
SHA1 hash |
SHA256 hash |
---|---|---|
NDP35SP1-KB2736416-IA64.exe |
CF3BEE8AFC2555D381800B628A3DCC01EC4E685C |
24CC439999EBB612F37D30127D81B9D625B1EE3C7080970D44BF38DF05755F2C |
NDP35SP1-KB2736416-x64.exe |
D1D9B33957BBA14E31988DFDAF4F5D3B13F37943 |
19C4E28FB8A57201F21A73E3CA36749E6ACC89D736E58DD0110745C243C710CF |
NDP35SP1-KB2736416-x86.exe |
93368F49226C00B8DDB32723196DDFBB275C8765 |
7CB7576F5512EEFA0D86C3E0B2F957199A7B8EF87C3CBACAEF03F7E5640DEB9F |
NDP40-KB2736428-IA64.exe |
4012210984C452D0274CB36BBDAD97A320166EFA |
40B51ED358CAC83E02D9DB202DD3F4844BC8719DC8E4A4101AF3406CA328FB92 |
NDP40-KB2736428-x64.exe |
F5F126738673AE9764D03FE42FEEEA68F1EDECE2 |
C42871B7CF1EFA48743357FCBE24341B55D3819D394DC262AD483DD75DC9D705 |
NDP40-KB2736428-x86.exe |
69A15697F7C9C976B933BD46869C895E9A1B0356 |
4C250204646ED8CF3BC2F24C4FD9177D0F41F8AD43504F497E4AAC0DB04F8EE0 |
Windows6.1-KB2736418-ia64.msu |
D6F17DCDEC64753B932C796BA9E39CF7FBC34B6D |
A796299F9E7ECC98738211F8669C1FDCB496DF340FF00EBF13EA136C7B1D6943 |
Windows6.1-KB2736418-x64.msu |
7DD6936DD2CF338DB1AE2EDFEA8FBAC6D089C484 |
B663BE83A5B429F6DA9221AEE8E80A0C7E2353F5182BD042B62713CB3108E3C4 |
Windows6.1-KB2736418-x86.msu |
014BEBBAA5E33345456B8C4583040333673BD3E3 |
ACC5DD40C3B00628A5B5F4E66CF810CC3D6AACF4C17D58B6BB9E36527D004DC1 |
Windows6.1-KB2736422-ia64.msu |
AA0D30E6C0C2495A61AF74D0AFCB0AD432810EA9 |
83BDFDA8FC1AF4B9407CE3DF89A11D3B1CA9043FA2D0B0C36C5A769ABD32E540 |
Windows6.1-KB2736422-x64.msu |
8012D0310C4E3A74FBB64EA25D7F6050EC019201 |
0D992E873F7BE6D52F8A8FC53716FCBCB9E38B4E1C3D9EC4497112741FA97C60 |
Windows6.1-KB2736422-x86.msu |
A7853ADD16B14609C9B34348B52878B15EB9410F |
AA85481D1FD59E56D46FE86127456A56A945956CEB3DF110A6A9B77C765216BA |
Windows8-RT-KB2736693-x64.msu |
FA7526CC57DB70D12FFFD587A6AC1F7C26F04098 |
74069778B8CDFF51D34D441D59FB2EAE6EF22EBE9AC0CCD5CD26B753C7DE789A |
Windows8-RT-KB2736693-x86.msu |
A35F02E2579F7038C013BE7A633A0207C6ADAA4C |
C6ABCDB241A7C4372F107A0CD5216A4ED1B3A4DE19D9F4EDA6AE60AE589F38C5 |
Windows8-RT-KB2753596-x64.msu |
458C4B5E42FF52653F3DB60EEB2AD2A3D18B8962 |
09883673056652E84DB240DC487937A1DFF7E8E27F1EAFF5FC9FBD3342AE3543 |
Update replacement informationUpdate replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.
This article applies to the following:
-
Microsoft .NET Framework 4 when used with:
-
Windows 7
-
Windows 7 Service Pack 1
-
Windows Server 2008 R2
-
Windows Server 2008 R2 Service Pack 1
-
Windows Vista Service Pack 2
-
Windows Server 2008 Service Pack 2
-
Microsoft Windows XP Service Pack 3
-
Microsoft Windows Server 2003 Service Pack 2
-
-
Microsoft .NET Framework 3.5.1 when used with:
-
Windows 7
-
Windows 7 Service Pack 1
-
Windows Server 2008 R2
-
Windows Server 2008 R2 Service Pack 1
-
-
Microsoft .NET Framework 3.5 Service Pack 1 when used with:
-
Windows Vista Service Pack 2
-
Windows Server 2008 Service Pack 2
-
Microsoft Windows XP Service Pack 3
-
Microsoft Windows Server 2003 Service Pack 2
-
-
Microsoft .NET Framework 3.5 when used with:
-
Windows 8
-
Windows RT
-
Windows Server 2012
-