Application Details
Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. Applications send messages to queues and read messages from queues.
Vulnerability
CVE-2023-21554 (QueueJumper) is a critical vulnerability in the Windows Message Queuing (MSMQ) service. This service is available on all Windows operating systems and can be enabled via Control Panel or PowerShell.
Although the service is optional, researchers at Check Point Research have stated that when installing the official Microsoft Exchange Server, the setup wizard would enable the MSMQ service if recommended features are selected.
Identification
By sending specially crafted malicious MSMQ packets to an MSMQ server using TCP port 1801, an unauthorised attacker could exploit this vulnerability to execute arbitrary code on the server side.
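As an added example (not part of the original advisory and not Idappcom's own tooling), the PowerShell function below checks a host for the two conditions described above: the MSMQ service being installed or running, and a listener on TCP port 1801. It assumes the default service name "MSMQ"; the function name Get-MsmqExposure is hypothetical.

```powershell
# Added example: audit the local host for MSMQ exposure.
# Assumptions: default service name "MSMQ" (display name "Message Queuing")
# and the TCP port 1801 named in this advisory.
function Get-MsmqExposure {
    [CmdletBinding()]
    param([int]$Port = 1801)

    # The service does not exist if the optional feature was never installed.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on the MSMQ port, whichever process owns them.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # 0.0.0.0 or :: means the port is bound on every interface, not only loopback.
    $allIfaces = @($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' }).Count -gt 0

    # Resolve the owning process names so an unexpected listener stands out.
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ServiceInstalled   = [bool]$svc
        ServiceStatus      = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartType          = if ($svc) { $svc.StartType.ToString() } else { $null }
        PortListening      = $listeners.Count -gt 0
        BoundAllInterfaces = $allIfaces
        OwningProcess      = $owners -join ','
        # Flag the host if the service is running or anything listens on the port.
        NeedsReview        = ($svc -and $svc.Status -eq 'Running') -or ($listeners.Count -gt 0)
    }
}

Get-MsmqExposure | Format-List
```

A host reporting NeedsReview as True is a candidate for patching first, or for disabling the service if nothing depends on it, which matters for Exchange servers where the feature may have been enabled by the setup wizard.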
Detection
By turning this exploit traffic into a traffic file and a matching rule, we can detect attempts to execute arbitrary code on the server side.
Coverage
Idappcom have created signature 8023730 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk from this vulnerability or others, why not try our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional