| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.4 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Microsoft Windows. This impacts an unknown function of the component Message Queuing Service. The manipulation leads to access control. This vulnerability is listed as CVE-2009-1922. There is no available exploit. You should upgrade the affected component.
Details
A vulnerability was found in Microsoft Windows (Operating System) (affected version not known). It has been rated as critical. This issue affects some unknown functionality of the component Message Queuing Service. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
The weakness was presented 08/11/2009 by Nikita Tarakanov with Positive Technologies Research Team as MS09-040 as confirmed bulletin (Technet). The advisory is shared at microsoft.com. The identification of this vulnerability is CVE-2009-1922 since 06/04/2009. The attack can only be initiated within the local network. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 40559 (MS09-040: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90518 (Microsoft Windows Message Queuing Elevation of Privilege Vulnerability (MS09-040)).
Upgrading eliminates this vulnerability. Applying the patch MS09-040 is able to eliminate this problem. The bugfix is ready for download at microsoft.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (52107), Tenable (40559), SecurityFocus (BID 35969†), OSVDB (56901†) and Secunia (SA36214†). See VDB-4016, VDB-4014, VDB-4012 and VDB-4011 for similar entries. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.4
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 40559
Nessus Name: MS09-040: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 900908
OpenVAS Name: Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS09-040
Timeline
06/04/2009 🔍08/11/2009 🔍
08/11/2009 🔍
08/11/2009 🔍
08/11/2009 🔍
08/11/2009 🔍
08/11/2009 🔍
08/11/2009 🔍
08/12/2009 🔍
08/12/2009 🔍
08/18/2009 🔍
04/07/2025 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS09-040
Researcher: Nikita Tarakanov
Organization: Positive Technologies Research Team
Status: Confirmed
CVE: CVE-2009-1922 (🔍)
GCVE (CVE): GCVE-0-2009-1922
GCVE (VulDB): GCVE-100-4013
OVAL: 🔍
X-Force: 52107
SecurityFocus: 35969 - Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
Secunia: 36214 - Microsoft Windows Message Queuing Service Privilege Escalation, Less Critical
OSVDB: 56901 - Microsoft Windows Message Queuing Service (MSMQ) mqac.sys IOCTL Request Parsing Local Privilege Escalation
SecurityTracker: 1022714 - Windows Message Queuing Service (MSMQ) NULL Pointer Flaw Lets Local Users Gain Elevated Privileges
Vulnerability Center: 23193 - [MS09-040] Microsoft Windows MSMQ Local Null Pointer and Code Execution Vulnerability, High
See also: 🔍
Entry
Created: 08/18/2009 19:35Updated: 04/07/2025 14:49
Changes: 08/18/2009 19:35 (83), 02/13/2017 10:07 (12), 03/17/2021 12:31 (3), 04/07/2025 14:49 (16)
Complete: 🔍
Cache ID: 216:145:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.