Update Protection against Message Queuing Service Remote Code Execution Vulnerability (MS08-065)
| Check Point Reference: | CPAI-2008-152 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS08-065 | |
| Industry Reference(s): | CVE-2008-3479 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows 2000 SP4 | ||
| Vulnerability Description A remote code execution vulnerability exists in Microsoft Windows Message Queuing Service. Microsoft Message Queuing (MSMQ) is a component of Microsoft Windows designed to act as a message portal between a set of applications requiring message exchange functionality. MSMQ enables applications that are running at different times to communicate across heterogeneous networks and across systems that may be temporarily offline. A remote attacker can exploit the MSMQ vulnerability to take complete control over an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-065 |
|
|
Vulnerability Details The vulnerability is due to an error in the MSMQ service that fails to properly parse malformed RPC requests. A remote attacker could exploit this issue via a specially crafted RPC request sent to the vulnerable interface. Successful exploitation of this vulnerability could allow remote code execution on the affected system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed requests to the vulnerable service.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.