<< Back
CVE Number Vulnerability Product Severity Date
MS09-040 Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) Microsoft Windows Critical 12-08-2009

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service.
Detailed Information on the risk:

An elevation of privilege vulnerability exists in the Windows Message Queuing service (MSMQ) due to a specific flaw in the parsing of an IOCTL request to the Message Queuing service. The MSMQ service improperly checks input data before passing them to the buffer. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Further information on this exploit is available at : MS09-040

Affected Software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista
Windows Vista x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows XP Service Pack 2