Vulnerability in Message Queuing Could Allow Elevation of Privilege
Description: This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue. The security update addresses the vulnerability by modifying the way that the MSMQ service validates input data before passing the data to the allocated buffer.
Update type: Important
Release date: August 11, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/971032
- MSMQ Null Pointer Vulnerability – CVE-2009-1922
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB971032.