MSMQ security bulletin MS07-065

A buffer overrun has been identified in MSMQ 2.0 (Windows 2000) and MSMQ 3.0 (Windows XP) which allows code to be executed as Local System.

To exploit this vulnerability locally on Microsoft 2000 Professional and Windows XP, an attacker would first have to log on to the system.

To exploit this vulnerability remotely on Microsoft Windows 2000 Server, an attacker would have to send specially crafted packets to the MSMQ service that could exploit the vulnerability and gain complete control of the affected system.

The update removes the vulnerability by modifying the way that the MSMQ service validates input strings before passing the strings to the allocated buffer.

The KnowledgeBase article is: 

937894 MS07-065: Vulnerability in Message Queuing Service could allow remote code execution in Windows XP and in Windows 2000

The bulletin is available for Home users and IT Professionals.

For reference, the build supplied with the update is:

  • Windows 2000 - (17-Oct-2007)
  • Windows XP - (06-Jul-2007)