To exploit the vulnerability, an attacker would need to send malicious HTTP requests to the targeted system. To achieve this objective, the attacker may require access to trusted, internal networks to send malicious requests to the affected system, which could limit the likelihood of a successful exploit.
Microsoft has corrected this vulnerability by turning off the WCF Replace
function by default.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the January 2013 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for January 2013