Windows : Microsoft Bulletins : Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900908

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS09-040.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-040.

Vulnerability Insight:
An error occurs while parsing malicious IOCTL requests sent to the Message Queuing
service (MSMQ) because the input data is not adequately sanitised before being passed into the buffer.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary code with
SYSTEM level privileges and completely compromise the affected system.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 2 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1922
Bugtraq: 20090812 [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/505691/100/0/threaded
Cert/CC Advisory: TA09-223A
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
http://en.securitylab.ru/lab/PT-2008-09
Microsoft Security Bulletin: MS09-040
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-040
http://osvdb.org/56901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6109
http://www.securitytracker.com/id?1022714
http://secunia.com/advisories/36214

Copyright Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900908
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS09-040.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-040. Vulnerability Insight: An error occurs while parsing malicious IOCTL requests sent to the Message Queuing service (MSMQ) because the input data is not adequately sanitised before being passed into the buffer. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code with SYSTEM level privileges and completely compromise the affected system. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 2 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1922 Bugtraq: 20090812 [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability (Google Search) http://www.securityfocus.com/archive/1/505691/100/0/threaded Cert/CC Advisory: TA09-223A http://www.us-cert.gov/cas/techalerts/TA09-223A.html http://en.securitylab.ru/lab/PT-2008-09 Microsoft Security Bulletin: MS09-040 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-040 http://osvdb.org/56901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6109 http://www.securitytracker.com/id?1022714 http://secunia.com/advisories/36214
Copyright	Copyright (C) 2009 Greenbone AG