Microsoft Service Bus AMQP Processing Flaw Lets Remote Authenticated Users Deny Service
|
SecurityTracker Alert ID: 1030538 |
SecurityTracker URL: http://securitytracker.com/id/1030538
|
CVE Reference:
CVE-2014-2814
(Links to External Site)
|
Date: Jul 8 2014
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2008 R2, 2012, 2012 R2
|
Description:
A vulnerability was reported in Microsoft Service Bus. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can send a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target service to cause the target service to stop processing inbound AMQP messages.
The following DLL versions are affected:
Microsoft.ServiceBus.dll 2.1.30904.0
Microsoft.Cloud.ServiceBus.Client.dll 2.1.30904.0
Microsoft.ServiceBus.Commands.dll 2.0.30904.0
Microsoft.Cloud.ServiceBus.Messaging.dll 2.0.30904.0
|
Impact:
A remote authenticated user can cause the target system to stop processing inbound AMQP messages.
|
Solution:
The vendor has issued the following fixes:
Microsoft Service Bus 1.1 (Windows Server 2008 R2 for x64-based Systems SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=927a4c84-85ac-47ab-ad80-1156b7a68a27
Microsoft Service Bus 1.1 (Windows Server 2012):
http://www.microsoft.com/downloads/details.aspx?familyid=927a4c84-85ac-47ab-ad80-1156b7a68a27
Microsoft Service Bus 1.1 (Windows Server 2012 R2):
http://www.microsoft.com/downloads/details.aspx?familyid=927a4c84-85ac-47ab-ad80-1156b7a68a27
A restart is not required.
The Microsoft advisory is available at:
https://technet.microsoft.com/library/security/ms14-042
|
Vendor URL: technet.microsoft.com/library/security/ms14-042 (Links to External Site)
|
Cause:
Not specified
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|