
CVE-2023-21554 – Hunt For MSMQ QueueJumper In The Environment


Check Point Research recently discovered three vulnerabilities in the Microsoft Message Queuing service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Day Update. The most severe of these, dubbed QueueJumper (CVE-2023-21554) by the Check Point Research team, could allow an unauthenticated attacker to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

MSMQ
According to Microsoft, Microsoft Message Queuing (“MSMQ” for short), 

“is a message infrastructure and a development platform for creating distributed, loosely-coupled messaging applications for the Microsoft® Windows® operating system. Message Queuing applications can use the Message Queuing infrastructure to communicate across heterogeneous networks and with computers that may be offline. Message Queuing provides guaranteed message delivery, efficient routing, security, transaction support, and priority-based messaging.”

The QueueJumper Vulnerability

The CVE-2023-21554 vulnerability potentially allows an attacker to execute code remotely and without authorization by reaching TCP port 1801. In other words, an attacker could gain control of the process with just one packet sent to port 1801/tcp that carries the exploit and triggers the vulnerability.

The Impact

We now know the attack vector sends packets to the service port 1801/tcp. To better understand the potential real-world impact of this service, CPR did a full Internet scan.

Protection & Mitigation

Check Point recommends that all Windows admins check their servers and clients to see if the MSMQ service is installed. You can check whether a service named ‘Message Queuing’ is running and whether TCP port 1801 is listening on the computer. If it is installed, double-check whether you need it. Closing unnecessary attack surfaces is always a very good security practice.
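The check described above, written as a PowerShell inventory function. This is an added example, not code from Check Point or Microsoft. The function name `Get-MsmqExposure` and its output property names are hypothetical, and it assumes PowerShell 5.1 on Windows 8 / Server 2012 or later, with PowerShell remoting enabled for any remote targets.

```powershell
# Added example: report whether MSMQ is installed and 1801/tcp is listening.
# Get-MsmqExposure and its output property names are illustrative, not a built-in cmdlet.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        # Hosts to query; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $probe = {
        # 'MSMQ' is the service name; 'Message Queuing' is its display name.
        $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

        # Listening sockets on 1801/tcp and the processes that own them.
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort 1801 -ErrorAction SilentlyContinue)
        $owners = $listeners | ForEach-Object {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } | Sort-Object -Unique

        [pscustomobject]@{
            Host           = $env:COMPUTERNAME
            MsmqInstalled  = [bool]$svc
            ServiceStatus  = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
            StartType      = if ($svc) { "$($svc.StartType)" } else { $null }
            Port1801Listen = $listeners.Count -gt 0
            ListenAddress  = ($listeners | ForEach-Object LocalAddress | Sort-Object -Unique) -join ','
            OwningProcess  = $owners -join ','   # expected: mqsvc
        }
    }

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) { & $probe }
            else {
                Invoke-Command -ComputerName $name -ScriptBlock $probe -ErrorAction Stop |
                    Select-Object -Property * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName
            }
        } catch {
            # An unreachable host is unknown, not clean: surface it for follow-up.
            Write-Warning "Could not query ${name}: $($_.Exception.Message)"
        }
    }
}

# Hosts with the service present or the port open need review:
# remove MSMQ if unused, otherwise patch and restrict 1801/tcp.
Get-MsmqExposure | Where-Object { $_.MsmqInstalled -or $_.Port1801Listen } | Format-Table -AutoSize
```

A host that reports `Port1801Listen` as true with a `ListenAddress` of `0.0.0.0` or `::` accepts connections on every interface, which makes it the first candidate for the firewall restriction when patching has to wait.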


For this particular vulnerability we discussed, we recommend users install Microsoft’s official patch as soon as possible. If your business requires MSMQ but is unable to apply Microsoft’s patch right now, you may block the inbound connections for 1801/tcp from untrusted sources with Firewall rules (for example, blocking Internet connections to 1801/tcp for Internet-facing machines), as a workaround.

Check Point IPS has developed and deployed a signature named “Microsoft Message Queuing Remote Code Execution (CVE-2023-21554)” to detect and protect our customers against the QueueJumper vulnerability.
