=====================================================================
                            CERT-Renater

                 Information Note No. 2014/VULN145
_____________________________________________________________________

DATE                : 09/07/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Windows version Vista, 7, Server 2008, 8,
                      Server 2012, RT, RT 8.1 running Microsoft
                      Service Bus for Windows Server.

=====================================================================
KB2972621
https://technet.microsoft.com/library/security/ms14-042
_____________________________________________________________________

Microsoft Security Bulletin MS14-042 - Moderate

Vulnerability in Microsoft Service Bus Could Allow Denial of Service
(2972621)

Published: July 8, 2014

Version: 1.0

General Information

Executive Summary

This security update resolves one publicly disclosed vulnerability in
Microsoft Service Bus for Windows Server. The vulnerability could allow
denial of service if a remote authenticated attacker creates and runs a
program that sends a sequence of specially crafted Advanced Message
Queuing Protocol (AMQP) messages to the target system. Microsoft Service
Bus for Windows Server is not shipped with any Microsoft operating
system. For an affected system to be vulnerable, Microsoft Service Bus
must first be downloaded, installed, and configured, and then its
configuration details (farm certificate) shared with other users.

This security update is rated Moderate for Microsoft Service Bus 1.1
when installed on affected editions of Windows Server 2008 R2, Windows
Server 2012, and Windows Server 2012 R2.

Affected Software

Microsoft Service Bus 1.1 when installed on Windows Server 2008 R2 for
x64-based Systems Service Pack 1 (2972621)
Microsoft Service Bus 1.1 when installed on Windows Server 2012
(2972621)
Microsoft Service Bus 1.1 when installed on Windows Server 2012 R2
(2972621)

Vulnerability Information

Service Bus Denial of Service Vulnerability - CVE-2014-2814

A denial of service vulnerability exists in Microsoft Service Bus for
Windows Server. An authenticated attacker who successfully exploited the
vulnerability could cause the Service Bus to stop responding for
incoming AMQP messages.

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================