MS05-017: Vulnerability in Message Queuing

By Steven
in Back Page News

 Share

Recommended Posts

Grand Master

Steven

Posted
Posted

Microsoft Security Bulletin MS05-017

Vulnerability in Message Queuing Could Allow Code Execution (892944)

Issued: April 12, 2005

Version: 1.0

Summary

Who should read this document: Customers who use Microsoft Message Queuing (MSMQ)

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

?Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 ? Download the update

?Microsoft Windows XP Service Pack 1 ? Download the update

?Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium) ? Download the update

?Microsoft Windows 98 and Microsoft Windows 98 Second Edition (SE) ? Review the FAQ section of this bulletin for details about these operating systems.

Non-Affected Software:

?Microsoft Windows XP Service Pack 2

?Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

?Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1

?Microsoft Windows Server 2003 for Itanium-based Systems

?Microsoft Windows Millennium Edition (ME)

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Message Queuing component. By default, the Message Queuing component is not installed on any affected operating system version. Only customers who manually installed the Message Queuing component could be vulnerable to this issue. The vulnerability is documented in the ?Vulnerability Details? section of this bulletin.

An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accWe recommend that customers apply the update at the earliest opportunity. the earliest opportunity.

http://www.microsoft.com/technet/security/...n/ms05-017.mspx

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.