Title: Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
Severity: HIGH
Description:
Microsoft Message Queuing (MSMQ) is a messaging protocol that allows applications running on disparate servers to communicate in a failsafe manner.
MSMQ is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input from a specially crafted IOCTL request sent to the MSMQ service. Specifically, the issue arises in the 'mqac.sys' file when handling data associated with the 'Irp' object. This may cause a NULL pointer to be dereferenced.
Note that MSMQ is not installed on any affected operating system edition by default and can be enabled only by a user with administrative privileges.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploits will cause a denial of service.
Affected Products:
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP4
- Microsoft Windows Server 2003 Datacenter x64 Edition SP2
- Microsoft Windows Server 2003 Enterprise x64 Edition SP2
- Microsoft Windows Server 2003 Itanium SP2
- Microsoft Windows Server 2003 SP2
- Microsoft Windows Server 2003 x64 SP2
- Microsoft Windows Vista
- Microsoft Windows Vista Business
- Microsoft Windows Vista Business 64-bit edition
- Microsoft Windows Vista Enterprise
- Microsoft Windows Vista Enterprise 64-bit edition
- Microsoft Windows Vista Home Basic
- Microsoft Windows Vista Home Basic 64-bit edition
- Microsoft Windows Vista Home Premium
- Microsoft Windows Vista Home Premium 64-bit edition
- Microsoft Windows Vista Ultimate
- Microsoft Windows Vista Ultimate 64-bit edition
- Microsoft Windows Vista x64 Edition
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Professional x64 Edition SP2
- Microsoft Windows XP Tablet PC Edition SP2
References:
- Microsoft: Microsoft Security Bulletin MS09-040
- Microsoft: Microsoft Windows Homepage
- Positive Technologies: (PT-2008-09) Positive Technologies Security Advisory
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
