=====================================================================
                          CERT-Renater
                Information Note No. 2008/VULN432
_____________________________________________________________________

DATE                 : 15/10/2008
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows 2000 Service Pack 4 running
                       Message Queuing Service.
======================================================================
KB951071
http://www.microsoft.com/technet/security/bulletin/ms08-065.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-065 - Important
Vulnerability in Message Queuing Could Allow Remote Code Execution
(951071)

Published: October 14, 2008
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in
the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems.
The vulnerability could allow remote code execution on Microsoft
Windows 2000 systems with the MSMQ service enabled.

This security update is rated Important for all supported editions of
Microsoft Windows 2000. For more information, see the subsection,
Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by replacing the
vulnerable string APIs that are processed by MSMQ.

Recommendation. Microsoft recommends that customers apply the update
at the earliest opportunity.

Affected Software

Microsoft Windows 2000 Service Pack 4

Vulnerability Information

Message Queuing Service Remote Code Execution Vulnerability -
CVE-2008-3479

A remote code execution vulnerability exists in the Message Queuing
Service due to a specific flaw in the parsing of an RPC request to the
Message Queuing service. An attacker could exploit the vulnerability
by sending a specially crafted RPC request. A heap request can be
controlled and later overflowed during an unchecked string copy
operation. Successful exploitation of this issue could lead to full
access to the affected system under the SYSTEM context. An attacker
who successfully exploited this vulnerability could take complete
control of an affected system.

Workarounds for Message Queuing Service Remote Code Execution
Vulnerability - CVE-2008-3479

Block the following at the perimeter firewall

Disable the Message Queuing Service:

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================