CVE-2023-21554 – Hunt For MSMQ QueueJumper In The Environment

Check Point Research recently discovered three vulnerabilities in the Microsoft Message Queuing service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Day Update. The most severe of these, dubbed QueueJumper (CVE-2023-21554) by the Check Point Research team, could allow an unauthenticated attacker to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

MSMQ
According to Microsoft, Microsoft Message Queuing (“MSMQ” for short), 

“is a message infrastructure and a development platform for creating distributed, loosely-coupled messaging applications for the Microsoft® Windows® operating system. Message Queuing applications can use the Message Queuing infrastructure to communicate across heterogeneous networks and with computers that may be offline. Message Queuing provides guaranteed message delivery, efficient routing, security, transaction support, and priority-based messaging.”

The QueueJumper Vulnerability

The CVE-2023-21554 vulnerability allows an attacker to potentially execute code remotely and without authorization by reaching TCP port 1801. In other words, an attacker could gain control of the process with just one packet sent to port 1801/tcp that carries the exploit and triggers the vulnerability.

The Impact

We now know the attack vector sends packets to the service port 1801/tcp. To better understand the potential real-world impact of this service, CPR did a full Internet scan.

Protection & Mitigation

Check Point recommends that all Windows admins check their servers and clients to see if the MSMQ service is installed. You can check whether a service named ‘Message Queuing’ is running and whether TCP port 1801 is listening on the computer. If it is installed, double-check whether you need it. Closing unnecessary attack surfaces is always a very good security practice.

For this particular vulnerability we discussed, we recommend users install Microsoft’s official patch as soon as possible. If your business requires MSMQ but is unable to apply Microsoft’s patch right now, you may block the inbound connections for 1801/tcp from untrusted sources with Firewall rules (for example, blocking Internet connections to 1801/tcp for Internet-facing machines), as a workaround.
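The check and the firewall workaround described above can be scripted per host. The following PowerShell is an added example, not code from Check Point or Microsoft; the function names `Get-MsmqExposure` and `Add-MsmqInboundBlock` and the rule display name are hypothetical, and the untrusted address ranges must be supplied by the operator.

```powershell
# Added example: local MSMQ exposure check for CVE-2023-21554 triage.
function Get-MsmqExposure {
    # 'MSMQ' is the service name behind the 'Message Queuing' display name.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on 1801/tcp and the process that owns them (expected: mqsvc).
    $listeners = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique

    # Enabled inbound block rules that name TCP port 1801 explicitly.
    $blockRules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '1801' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceInstalled = [bool]$svc
        ServiceStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        Listening1801    = $listeners.Count -gt 0
        ListenAddresses  = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess    = $owners -join ','
        BlockRules       = $blockRules.DisplayName -join ','
    }
}

# Workaround for hosts that need MSMQ but cannot be patched yet.
# Requires an elevated session; the caller lists the untrusted sources.
function Add-MsmqInboundBlock {
    param([Parameter(Mandatory)][string[]]$UntrustedRemoteAddress)
    $rule = @{
        DisplayName   = 'Block inbound MSMQ 1801/tcp (hypothetical rule name)'
        Direction     = 'Inbound'
        Protocol      = 'TCP'
        LocalPort     = 1801
        RemoteAddress = $UntrustedRemoteAddress
        Action        = 'Block'
    }
    New-NetFirewallRule @rule
}

Get-MsmqExposure
```

A host that reports `ServiceInstalled` true with `Listening1801` true and an empty `BlockRules` field is the one to prioritise for patching or removal of the feature.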

Check Point IPS has developed and deployed a signature named “Microsoft Message Queuing Remote Code Execution (CVE-2023-21554)” to detect and protect our customers against the QueueJumper vulnerability.
