TITLE:
Microsoft Windows Message Queuing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA14921

VERIFY ADVISORY:
http://secunia.com/advisories/14921/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Kostya Kortchinsky has reported a vulnerability in Microsoft Windows,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a boundary error in the Message
Queuing component. This can e.g. be exploited by sending a specially
crafted message via RPC.

NOTE: The Message Queuing is not activated by default.

SOLUTION:
Apply patches.

Microsoft Windows 2000 (requires Service Pack 3 or Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=99A8EE12-4BD6-43F5-A43F-124E0E2C2283

Microsoft Windows XP (requires Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D72B7198-93A8-4652-B505-8E51FC5EEAC3

Microsoft Windows XP 64-Bit Edition (requires Service Pack 1) (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9124BA48-73A8-4C94-AA46-CE9A9D1E1198

The following versions of Microsoft Windows are not affected:
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

PROVIDED AND/OR DISCOVERED BY:
Kostya Kortchinsky

ORIGINAL ADVISORY:
MS05-017 (KB892944):
http://www.microsoft.com/technet/security/bulletin/MS05-017.mspx