What's your rating of Message Queuing
Microsoft Security Bulletin MS14-062 - Important
- 9 minutes to read
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege 2993254)
Published: October 14, 2014
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sent a specially crafted input / output control (IOCTL) request to the Message Queuing service. Successful exploitation of this vulnerability could allow full access to the affected system. By default, the Message Queuing component is not installed on the affected operating system versions and can only be activated by a user with administrator rights. Only customers who manually activate the Message Queuing component can be susceptible to this problem.
This security update is rated Important for all supported editions of Windows Server 2003. See the section for more information Affected Software.
The update addresses the vulnerability by changing the way the Message Queuing service validates input data before it is passed to the allocated buffer. For more information about the vulnerability, see the subsection Frequently asked questions (FAQs) for the specific vulnerability later in this bulletin.
Recommendation. Most users have automatic updating turned on and do not need to take any action as this security update will be downloaded and installed automatically. For more information about specific configuration options for automatic updating, see Microsoft Knowledge Base Article 294871. For users who have not enabled automatic updating, you can use the steps in Turn automatic updating on or off to enable automatic updating.
Corporate installations and administrators, as well as end users who want to manually install this security update (including users who have not activated automatic updating), are advised to use update management software to install the update at the earliest opportunity or to check the Microsoft Update Service for updates. The updates are also available from the download locations in the Affected Software table later in this bulletin.
See the section for more instructions Discovery and deployment tools and guides in this bulletin.
Knowledge Base Articles
- Knowledge Base Articles: 2993254
- File information: Yes
- SHA1 / SHA2 hashes: Yes
- known problems: No
The following software versions or editions are affected. Versions or editions not listed have either reached the end of their support lifecycle or are not affected. Visit the Microsoft Support Lifecycle website to determine the support lifecycle for your software version or edition.
|**Operating system**||** Maximum safety impact **||** Assessment of the overall severity **||** Replaced Updates **|
|** Windows Server 2003 **|
|[Windows Server 2003 Service Pack 2] (https://www.microsoft.com/download/details.aspx?familyid=1464260a-c3a9-436c-b345-e1b64325ab4f) (2993254)||Elevation of Privilege||High||971032 in [MS09-040] (https://go.microsoft.com/fwlink/?linkid=155979)|
|[Windows Server 2003 x64 Edition Service Pack 2] (https://www.microsoft.com/download/details.aspx?familyid=fd8c0b32-dd8b-461a-a110-43a076435f77) (2993254)||Elevation of Privilege||High||971032 in [MS09-040] (https://go.microsoft.com/fwlink/?linkid=155979)|
|[Windows Server 2003 with SP2 for Itanium-based Systems] (https://www.microsoft.com/download/details.aspx?familyid=b0b35a54-9178-4724-89e2-94cace12abc8) (2993254)||Elevation of Privilege||High||971032 in [MS09-040] (https://go.microsoft.com/fwlink/?linkid=155979)|
Frequently asked questions (FAQs) about this update
I am using an older version of the software described in this security bulletin. What should I do?
The affected software listed in this bulletin have been tested to determine which versions are affected. Other versions are past their support life cycles. For more information on product cycles, see the Microsoft Support Lifecycle website.
Users of older versions of this software should migrate to versions that are supported as soon as possible in order to protect themselves from future vulnerabilities. For information about determining the support lifecycle for your software version, see Choosing a Product for Lifecycle Information. For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy.
Users who require additional support for older software must contact their Microsoft account manager, technical account manager, or their respective Microsoft partner in order to receive support offerings. Customers who do not have an Alliance, Premier, or Authorized contract can contact their local Microsoft sales office. Contact information can be found at the Microsoft Worldwide website. Select your country; a list of phone numbers is displayed. When calling at the number provided, please ask for the Premier Support Regional Sales Manager. For more information, see the Microsoft Support Lifecycle Policy Frequently Asked Questions (FAQ) page.
Severity ratings and vulnerability identifiers
The following severity assessment assumes the maximum potential impact of the vulnerability. For information about the likelihood of the exploitation of the vulnerability, including its severity rating and security impact, within 30 days of the release of this security bulletin, see the Exploitability Index in the October bulletin summary. For more information, see the Microsoft Exploitability Index.
|** Assessment of the severity and maximum security impact according to the software concerned **|
|** Affected software **||** MQAC Elevation of Privilege Write Anywhere Vulnerability - CVE-2014-4971 **||** Assessment of the overall severity **|
|** Windows Server 2003 **|
|Windows Server 2003 Service Pack 2 (2993254)||** High ** Elevation of Privilege||**High**|
|Windows Server 2003 x64 Edition Service Pack 2 (2993254)||** High ** Elevation of Privilege||**High**|
|Windows Server 2003 with SP2 for Itanium-based Systems (2993254)||** High ** Elevation of Privilege||**High**|
MQAC Elevation of Privilege Write Any Vulnerability - CVE-2014-4971
A vulnerability exists in the Microsoft Message Queuing Service (MSMQ) that could allow an attacker to elevate the privileges of the affected system.
For information about how to view this vulnerability as the default entry in the Common Vulnerability List, see CVE-2014-4971.
Mitigation refers to a setting, common configuration, or general best practice that can exist in a default state that can reduce the severity of a vulnerability's exploitation. The following mitigating factors may be helpful to you:
- By default, the Message Queuing component is not installed on the affected operating system versions and can only be activated by a user with administrator rights. Only customers who manually activate the Message Queuing component can be susceptible to this problem.
- An attacker would require valid credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.
Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but instead blocks known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the description whether a fix will limit functionality:
Disable the Message Queuing service:
Disabling the Message Queuing service will help protect against attacks that are designed to exploit this vulnerability. To disable the Message Queuing service, do the following:
- click on begin and then on Control panel. Or point to Settings, and then click Control panel.
- Double click administration. Or click on Switch to the classic view, and then double-click administration.
- Double click services.
- Double click Message queuing.
- Click in the list Start type on Disabled.
- click on break up and then on OK.
Through the group policy:
Use the Group Policy settings to disable the Message Queuing service. You can use the Group Policy Object function in Microsoft Windows 2000 or Server 2003 domain environments to disable the start of this service at the local, site, domain or organizational unit level.
Note: You can also refer to the Windows 2003 Security Guide. This guide provides information on how to disable services. For more information about Group Policy, go to the following websites:
You can also stop and disable the MSMQ service by using the following command at the command prompt (available in Windows XP and in the Microsoft Windows 2000 Resource Kit):
This is how you undo the problem circumvention: Use the steps above to set the startup type to Automatic and start the service.
Frequently asked questions (FAQs)
What is the scope of the vulnerability?
This vulnerability could be exploited in a local elevation of privilege.
What causes the vulnerability?
The vulnerability is caused when the Message Queuing service improperly manipulates objects in memory by inadvertently allowing them to be overwritten.
What is Microsoft Message Queuing (MSMQ)?
Microsoft Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. Applications send messages to queues and read messages from queues. Message Queuing provides guaranteed message delivery, efficient routing, security, and priority-based messaging. It can be used to implement solutions for both asynchronous and synchronous messaging scenarios. For more information, see the Microsoft Message Queuing product documentation.
What is an input / output control (IOCTL)?
Windows enables applications to request services directly from device drivers. The interface through which this is done is an input / output controller, or IOCTL.
What could an attacker use this vulnerability to do?
If an attacker successfully exploited this vulnerability, they could take complete control of the affected system. An attacker could then install programs, view, change or delete data or create new accounts with full user rights.
How would an attacker proceed to exploit this vulnerability?
An attacker could exploit the vulnerability by sending a specially crafted IOCTL request to the Message Queuing service. Successful exploitation of this vulnerability could allow full access to the affected system.
Which systems are primarily at risk from this vulnerability?
Workstations and servers running the Message Queuing service are primarily at risk from this vulnerability.
What does the update do?
The update addresses the vulnerability by changing the way the MSMQ service validates input data before it is passed to the allocated buffer.
At the time this security bulletin was published, was this vulnerability publicly known?
Yes. This vulnerability has been published. She has been assigned the number CVE-2014-4971 for Common Vulnerability.
At the time this security bulletin was published, did Microsoft have any information that this vulnerability had been exploited?
No. At the time this security bulletin was first published, Microsoft had no information that this vulnerability had been publicly used to target users.
Discovery and deployment tools and guides
There are several resources available to help administrators deploy security updates.
- The Microsoft Baseline Security Analyzer (MBSA) enables administrators to check local and remote systems for missing security updates and for frequently misconfigured security parameters.
- Windows Server Update Services (WSUS), Systems Management Server (SMS) and System Center Configuration Manager help administrators distribute security updates.
- The update compatibility assessment components included in the Application Compatibility Toolkit help test and verify the compatibility of Windows updates with installed applications.
For more information about these and other tools available, see Security Tools.
Provision of security updates
Windows Server 2003 (all editions)
The following table contains the security update information for this software.
|Security update filenames||For all supported 32-bit editions of Windows Server 2003:|
|For all supported x64-based editions of Windows Server 2003:|
|For all supported Itanium-based editions of Windows Server 2003:|
|Installation options||See Microsoft Knowledge Base Article 934307|
|Update log file||KB2993254.log|
|Restart request||Yes, you will have to restart the system after installing this security update.|
|Uninstall information||Use the option software in the Control panel or the Spuninst.exe utility in the% Windir% \ $ NTUninstallKB2993254 $ \ Spuninst folder.|
|File information||See Microsoft Knowledge Base Article 2993254|
|Verification of the registry key||HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Updates \ Windows Server 2003 \ SP3 \ KB2993254 \ Filelist|
- Is Ayn Rand a psychopath
- Why don't you be afraid of an angry person
- What did you learn when you slept less?
- Which first world countries have no constitutions?
- How long has Fortnite been out
- What are these app components called desc
- Why are there no more solar-powered electronics?
- How do poems use idioms?
- What do Americans call roundabouts
- Is IPTV legally paid
- How much noise do ear plugs block
- Why do fish smell bad
- What is the overwrite note
- How do you kill a zombie
- What is the best treatment for Staphylococcus
- How do allergies affect the lungs directly?
- What are alternatives to social media
- Which age is considered to be ancient Why
- How does CBD help your body
- Is vlogging on YouTube stressful?
- Can an organization become ISO 31000 certified?
- Who is Fredo
- What worries you these days
- How can you abbreviate that?