CERT-In Vulnerability Note CIVN-2009-100
Microsoft Windows Message Queuing service Elevation of Privilege Vulnerability

Original Issue Date: August 13, 2009

Severity Rating: High

Systems Affected

  • Windows 2000 SP4
  • Windows XP SP2
  • Windows XP Professional x64 Edition SP2
  • Windows Server 2003 SP2
  • Windows Server 2003 x64 Edition SP2
  • Windows Server 2003 for Itanium-based Systems SP2
  • Windows Vista
  • Windows Vista x64 Edition

Overview

A vulnerability has been reported in the Microsoft Windows Message Queuing service that could allow a local attacker to gain escalated privileges.

Description

Microsoft Message Queuing (MSMQ) is a messaging protocol that enables communication across heterogeneous networks and between computers which may not always be connected. MSMQ provides guaranteed message delivery, efficient routing, security, priority-based messaging and can be used to implement solutions for both asynchronous and synchronous messaging scenarios.

The vulnerability is caused by insufficient checks on input data in the MSMQ service and can be exploited by a local attacker. By sending a specially crafted IOCTL request to the Message Queuing service, the attacker can trigger a null pointer flaw. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

Workarounds

  • Disable the Message Queuing Service
  • Restrict local access to trusted users
  • Monitor critical systems for signs of exploitation

    For detailed steps and the impact of applying these workarounds, refer to Microsoft Security Bulletin MS09-040.
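
    The first workaround can be audited and applied with a script along the following lines. This is an added example, not taken from CERT-In or from the Microsoft bulletin. It assumes the Message Queuing service is registered under its default service name MSMQ, that WMI is reachable on the listed hosts, and that it is run with administrative rights; the parameter names are hypothetical.

```powershell
# Added example: report the state of the Message Queuing service and,
# with -Apply, disable it as described in the workaround above.
# Assumption: the service uses its default name "MSMQ".
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # hosts to check
    [switch]$Apply                                   # without -Apply the script only reports
)

foreach ($computer in $ComputerName) {
    try {
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer `
                             -Filter "Name='MSMQ'" -ErrorAction Stop
    } catch {
        # Unreachable host or access denied: do not report it as "not installed".
        Write-Warning "${computer}: WMI query failed: $($_.Exception.Message)"
        continue
    }

    if (-not $svc) {
        Write-Output "${computer}: MSMQ service not installed"
        continue
    }

    Write-Output "${computer}: MSMQ State=$($svc.State) StartMode=$($svc.StartMode)"
    if (-not $Apply) { continue }

    # Disable first so the service cannot be started again on demand or at boot.
    $rc = $svc.ChangeStartMode('Disabled').ReturnValue
    if ($rc -ne 0) {
        Write-Warning "${computer}: ChangeStartMode returned $rc"
        continue
    }

    if ($svc.State -ne 'Stopped') {
        # Return value 3 means services that depend on MSMQ are still running
        # and have to be stopped before this call can succeed.
        $rc = $svc.StopService().ReturnValue
        if ($rc -ne 0) {
            Write-Warning "${computer}: StopService returned $rc"
            continue
        }
    }
    Write-Output "${computer}: MSMQ disabled"
}
```

    Running it without -Apply gives an inventory of hosts where the service is present and running, which helps judge the impact before disabling it.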

Solution

Apply the appropriate updates as mentioned in Microsoft Security Bulletin MS09-040.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms09-040.mspx

References

Microsoft
http://www.microsoft.com/windowsserver2003/technologies/msmq/default.mspx

http://www.microsoft.com/technet/security/bulletin/ms09-040.mspx

CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=18770

Security Tracker
http://www.securitytracker.com/alerts/2009/Aug/1022714.html

Secunia
http://secunia.com/advisories/36214/

CVE Name
CVE-2009-1922

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003