View products that this article applies to.

Introduction

Microsoft has released the security bulletin MS13-007. You can view the complete security bulletin by going to one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More Information

Known issues and additional information about this update

The default Replace canonical function could allow for a denial of service attack. Therefore, this security update disables the Replace canonical function. We recommend that you leave this functionality disabled unless other mitigations are used. For example, using authenticated access to the service or using a provider that is not vulnerable to nested Replace as an attack vector may reduce the risk of a denial of service attack. If you use other mitigations, you can restore Replace functionality by setting enable="true" in a configuration file, as shown in the following XML code example. It can also be restored in service code by setting the enable property to true in the DataServicesReplaceFunctionFeature class.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="wcfDataServices" type="System.Data.Services.Configuration.DataServicesSectionGroup">
<section name="features" type="System.Data.Services.Configuration.DataServicesFeaturesSection" />
</sectionGroup>
</configSections>
<wcfDataServices>
<features>
<replaceFunction enable="true" />
</features>
</wcfDataServices>
</configuration>



The following articles contain additional information about this update as it relates to individual product versions. The articles may contain information that is specific to the individual updates such as download URL, prerequisites, and command-line switches.


Microsoft .NET Framework 4

  • 2736428 MS13-007: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: January 8, 2013


Microsoft .NET Framework 3.5.1

  • 2736422 MS13-007: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: January 8, 2013

  • 2736418 MS13-007: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: January 8, 2013


Microsoft .NET Framework 3.5

  • 2736693 MS13-007: Description of the security update for the .NET Framework 3.5 on Windows 8, Windows RT, and Windows Server 2012: January 8, 2013

Microsoft .NET Framework 3.5 Service Pack 1

  • 2736416 MS13-007: Description of the security update for the .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008: January 8, 2013

Microsoft Management OData IIS Extension

  • 2753596 MS13-007: Description of the security update for the Management OData IIS Extension on Windows Server 2012: January 8, 2013

File name

SHA1 hash

SHA256 hash

NDP35SP1-KB2736416-IA64.exe

CF3BEE8AFC2555D381800B628A3DCC01EC4E685C

24CC439999EBB612F37D30127D81B9D625B1EE3C7080970D44BF38DF05755F2C

NDP35SP1-KB2736416-x64.exe

D1D9B33957BBA14E31988DFDAF4F5D3B13F37943

19C4E28FB8A57201F21A73E3CA36749E6ACC89D736E58DD0110745C243C710CF

NDP35SP1-KB2736416-x86.exe

93368F49226C00B8DDB32723196DDFBB275C8765

7CB7576F5512EEFA0D86C3E0B2F957199A7B8EF87C3CBACAEF03F7E5640DEB9F

NDP40-KB2736428-IA64.exe

4012210984C452D0274CB36BBDAD97A320166EFA

40B51ED358CAC83E02D9DB202DD3F4844BC8719DC8E4A4101AF3406CA328FB92

NDP40-KB2736428-x64.exe

F5F126738673AE9764D03FE42FEEEA68F1EDECE2

C42871B7CF1EFA48743357FCBE24341B55D3819D394DC262AD483DD75DC9D705

NDP40-KB2736428-x86.exe

69A15697F7C9C976B933BD46869C895E9A1B0356

4C250204646ED8CF3BC2F24C4FD9177D0F41F8AD43504F497E4AAC0DB04F8EE0

Windows6.1-KB2736418-ia64.msu

D6F17DCDEC64753B932C796BA9E39CF7FBC34B6D

A796299F9E7ECC98738211F8669C1FDCB496DF340FF00EBF13EA136C7B1D6943

Windows6.1-KB2736418-x64.msu

7DD6936DD2CF338DB1AE2EDFEA8FBAC6D089C484

B663BE83A5B429F6DA9221AEE8E80A0C7E2353F5182BD042B62713CB3108E3C4

Windows6.1-KB2736418-x86.msu

014BEBBAA5E33345456B8C4583040333673BD3E3

ACC5DD40C3B00628A5B5F4E66CF810CC3D6AACF4C17D58B6BB9E36527D004DC1

Windows6.1-KB2736422-ia64.msu

AA0D30E6C0C2495A61AF74D0AFCB0AD432810EA9

83BDFDA8FC1AF4B9407CE3DF89A11D3B1CA9043FA2D0B0C36C5A769ABD32E540

Windows6.1-KB2736422-x64.msu

8012D0310C4E3A74FBB64EA25D7F6050EC019201

0D992E873F7BE6D52F8A8FC53716FCBCB9E38B4E1C3D9EC4497112741FA97C60

Windows6.1-KB2736422-x86.msu

A7853ADD16B14609C9B34348B52878B15EB9410F

AA85481D1FD59E56D46FE86127456A56A945956CEB3DF110A6A9B77C765216BA

Windows8-RT-KB2736693-x64.msu

FA7526CC57DB70D12FFFD587A6AC1F7C26F04098

74069778B8CDFF51D34D441D59FB2EAE6EF22EBE9AC0CCD5CD26B753C7DE789A

Windows8-RT-KB2736693-x86.msu

A35F02E2579F7038C013BE7A633A0207C6ADAA4C

C6ABCDB241A7C4372F107A0CD5216A4ED1B3A4DE19D9F4EDA6AE60AE589F38C5

Windows8-RT-KB2753596-x64.msu

458C4B5E42FF52653F3DB60EEB2AD2A3D18B8962

09883673056652E84DB240DC487937A1DFF7E8E27F1EAFF5FC9FBD3342AE3543


Update replacement informationUpdate replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.


This article applies to the following:

  • Microsoft .NET Framework 4 when used with:

    • Windows 7

    • Windows 7 Service Pack 1

    • Windows Server 2008 R2

    • Windows Server 2008 R2 Service Pack 1

    • Windows Vista Service Pack 2

    • Windows Server 2008 Service Pack 2

    • Microsoft Windows XP Service Pack 3

    • Microsoft Windows Server 2003 Service Pack 2

  • Microsoft .NET Framework 3.5.1 when used with:

    • Windows 7

    • Windows 7 Service Pack 1

    • Windows Server 2008 R2

    • Windows Server 2008 R2 Service Pack 1

  • Microsoft .NET Framework 3.5 Service Pack 1 when used with:

    • Windows Vista Service Pack 2

    • Windows Server 2008 Service Pack 2

    • Microsoft Windows XP Service Pack 3

    • Microsoft Windows Server 2003 Service Pack 2

  • Microsoft .NET Framework 3.5 when used with:

    • Windows 8

    • Windows RT

    • Windows Server 2012


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×