CERT-In Vulnerability Note CIVN-2008-166
Microsoft Message Queuing Service Remote Code Execution Vulnerability

Original Issue Date: October 16, 2008

Severity Rating: Medium

Systems Affected

  • Microsoft Windows 2000 SP4

Overview

A vulnerability has been reported in the Microsoft Message Queuing (MSMQ) service that could be exploited by a remote attacker to execute arbitrary code.

Description

Microsoft Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline.

MSMQ provides guaranteed message delivery, efficient routing, security, and priority-based messaging. It can be used to implement solutions for both asynchronous and synchronous messaging scenarios.

The vulnerability is caused by improper parsing of RPC requests by the Microsoft Message Queuing service (mqsvc.exe). By sending a specially crafted RPC request to a system with the MSMQ service installed, a remote attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.

Failed exploitation attempts may lead to a denial-of-service condition.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-065.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx
http://www.microsoft.com/windowsserver2003/techinfo/overview/msmqfaq.mspx

IBM ISS X-Force
http://xforce.iss.net/xforce/xfdb/45537

SecurityFocus
http://www.securityfocus.com/bid/31637

Securitytracker
http://securitytracker.com/alerts/2008/Oct/1021052.html

CVE Name
CVE-2008-3479

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003