CVE-2023-21554 – Hunt For MSMQ QueueJumper In The Environment

Check Point Research recently discovered three vulnerabilities in the Microsoft Message Queuing service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Day Update. The most severe of these, dubbed QueueJumper (CVE-2023-21554) by the Check Point Research team, could allow an unauthenticated attacker to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

MSMQ
According to Microsoft, Microsoft Message Queuing (“MSMQ” for short), 

“is a message infrastructure and a development platform for creating distributed, loosely-coupled messaging applications for the Microsoft® Windows® operating system. Message Queuing applications can use the Message Queuing infrastructure to communicate across heterogeneous networks and with computers that may be offline. Message Queuing provides guaranteed message delivery, efficient routing, security, transaction support, and priority-based messaging.”

The QueueJumper Vulnerability

The CVE-2023-21554 vulnerability potentially allows an attacker to execute code remotely and without authorization by reaching TCP port 1801. In other words, an attacker could gain control of the process with just one packet carrying the exploit, sent to port 1801/tcp, that triggers the vulnerability.

The Impact

We now know the attack vector sends packets to the service port 1801/tcp. To better understand the potential real-world impact of this service, CPR did a full Internet scan.

Protection & Mitigation

Check Point recommends that all Windows admins check their servers and clients to see if the MSMQ service is installed. You can check whether a service named ‘Message Queuing’ is running and whether TCP port 1801 is listening on the computer. If it is installed, double-check whether you need it. Closing unnecessary attack surfaces is always a very good security practice.

For this particular vulnerability we discussed, we recommend users install Microsoft’s official patch as soon as possible. If your business requires MSMQ but is unable to apply Microsoft’s patch right now, you may block the inbound connections for 1801/tcp from untrusted sources with Firewall rules (for example, blocking Internet connections to 1801/tcp for Internet-facing machines), as a workaround.
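The service/port check and the firewall workaround described above, as an added PowerShell example (not code from Check Point or the original post). The function names `Get-MsmqExposure` and `Block-MsmqInbound` are hypothetical, the 203.0.113.0/24 range is a constructed placeholder, and an elevated session on the host being checked is assumed.

```powershell
# Added example: hypothetical helper names, run elevated on the host being checked.
function Get-MsmqExposure {
    # Reports whether Message Queuing is installed/running and whether 1801/tcp is listening.
    [CmdletBinding()]
    param([int]$Port = 1801)

    # 'MSMQ' is the service name behind the 'Message Queuing' display name.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on the MSMQ port, with the owning process resolved.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Installed     = [bool]$svc
        ServiceStatus = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartType     = if ($svc) { $svc.StartType.ToString() } else { $null }
        PortListening = $listeners.Count -gt 0
        ListenAddress = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess = $owners -join ','   # mqsvc is expected when MSMQ owns the port
    }
}

function Block-MsmqInbound {
    # Workaround while the patch is pending: block 1801/tcp from untrusted ranges only.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$UntrustedRemote,
        [int]$Port = 1801
    )
    $target = "TCP/$Port inbound from $($UntrustedRemote -join ', ')"
    if ($PSCmdlet.ShouldProcess($target, 'Add Windows Firewall block rule')) {
        New-NetFirewallRule -DisplayName "Block MSMQ $Port/tcp (untrusted sources)" `
            -Direction Inbound -Protocol TCP -LocalPort $Port `
            -RemoteAddress $UntrustedRemote -Action Block -Profile Any
    }
}

$state = Get-MsmqExposure
$state | Format-List
if ($state.PortListening) {
    # 203.0.113.0/24 is a constructed documentation range; use your own untrusted networks.
    Block-MsmqInbound -UntrustedRemote '203.0.113.0/24' -WhatIf
}
```

Remove `-WhatIf` to create the rule. Windows Firewall block rules take precedence over allow rules, so scope `-UntrustedRemote` so that it does not cover the hosts that legitimately need MSMQ.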

Check Point IPS has developed and deployed a signature named “Microsoft Message Queuing Remote Code Execution (CVE-2023-21554)” to detect and protect our customers against the QueueJumper vulnerability.
