Skip to main content

CVE-2023-21554 – Hunt For MSMQ QueueJumper In The Environment

CVE-2023-21554 – Hunt For MSMQ QueueJumper In The Environment

Check Point Research recently discovered three vulnerabilities in the Microsoft Message Queuing service commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Day Update. The most severe of these, dubbed QueueJumper (CVE-2023-21554) by the checkpoint research team , could allow an unauthenticated attacker to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

MSMQ
According to Microsoft, Microsoft Message Queuing (“MSMQ” for short), 

“is a message infrastructure and a development platform for creating distributed, loosely-coupled messaging applications for the Microsoft® Windows® operating system. Message Queuing applications can use the Message Queuing infrastructure to communicate across heterogeneous networks and with computers that may be offline. Message Queuing provides guaranteed message delivery, efficient routing, security, transaction support, and priority-based messaging.”

The QueueJumper Vulnerability

The CVE-2023-21554  vulnerability allows an attacker to potentially execute code remotely and without authorization by reaching the TCP port 1801. In other words, an attacker could gain control of the process through just one packet to the 1801/tcp port with the exploit, triggering the vulnerability.

The Impact

We now know the attack vector sends packets to the service port 1801/tcp. In order to have a better understanding of the potential impact in the real world of this service, CPR did a full Internet scan.

Protection & Mitigation

Checkpoint recommend all Windows admins check their servers and clients to see if the MSMQ service is installed. You can check if there is a service running named ‘Message Queuing’, and TCP port 1801 is listening on the computer. If it is installed, double-check if you need it. Closing unnecessary attack surfaces is always a very good security practice.as soon as possible. If your business requires MSMQ but is unable to apply Microsoft’s patch right now, you may block the inbound connections for 1801/tcp from untrusted sources with Firewall rules (for example, blocking Internet connections to 1801/tcp for Internet-facing machines), as a workaround.

Check Point IPS has developed and deployed a signature named “

For this particular vulnerability we discussed, we recommend users install Microsoft’s official patch as soon as possible. If your business requires MSMQ but is unable to apply Microsoft’s patch right now, you may block the inbound connections for 1801/tcp from untrusted sources with Firewall rules (for example, blocking Internet connections to 1801/tcp for Internet-facing machines), as a workaround.

Check Point IPS has developed and deployed a signature named  “Microsoft Message Queuing Remote Code Execution (CVE-2023-21554)”to detect and protect our customers against the QueueJumper vulnerability.

Labels:

Comments

Post a Comment

Popular posts from this blog

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) (: Cyber Crime Lows :)

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) (: Cyber Crime Lows :) The CitationInformation Technology Act, 2000Enacted byParliament of IndiaEnacted9 June 2000Assented to9 June 2000Signed9 May 2000Commenced17 October 2000Introduced byPramod Mahajan Minister of Communications and Information TechnologyAmended byIT (Amendment) Act 2008 The bill was passed in the budget session of 2000 and signed by President K. R. Narayanan on 9 May 2000. The bill was finalised by a group of officials headed by the Minister of Information Technology Pramod Mahajan 68Failure/refusal to comply with ordersImprisonment up to 2 years, or/and with fine up to ₹1,00,00069Failure/refusal to decrypt dataImprisonment up to seven years and possible fine.70Securing access or attempting to secure access to a protected systemImprisonment up to ten years, or/and with fine.71MisrepresentationImprisonment up to 2 years, or/and with fine up to ₹1,00,00072Breach of co...
Post a Comment
Read more

Explore Your Project with Graphic Designer Md Aman - He'll Give it His Best!

Are you looking to make your project stand out with professional designs? Look no further than Md Aman, a talented graphic designer who is ready to give your project his very best. He has a wealth of experience and knowledge of the industry that will ensure you get the perfect result. With Md Aman, you'll be able to explore your project in exciting new ways that will make it stand out and impress everyone. Get ready to experience the best graphic design services available today!
Post a Comment
Read more

How to Hack insta..Facebook.. hack social media account andbcrypto account

NOTE: This post is only for educational purpose. I and this website do not support any criminal activity. If you are doing any sort of misuse of this information This website is not responsible for that. THIS YouTube Channel ONLY SUPPORT ETHICAL HACKING. Download Zphisher tool full video.zip 👇👇👇👇👇👇👇👇 Click Here  👈👈👈👈 ☝☝☝☝ Download & after decompress file and watch full video HD quality NOTE: This post is only for educational purpose. I and this website do not support any criminal activity. If you are doing any sort of misuse of this information This website is not responsible for that. THIS YouTube Channel ONLY SUPPORT ETHICAL HACKING. What is Termux Zphisher Phishing Tool? Termux ZPhisher is an Advanced Phishing Tool that allows hackers to perform phishing attacks using termux on their Android phones. This tool is almost similar to the Hidden Eye Tool as well as it also has some features of ADV Phishing Tool. This tool has 30 phishing pages incl...
Post a Comment
Read more