Article directory
1. Vulnerability description
The Windows Message Queuing Service is a Windows component that needs to be enabled in the system to exploit this vulnerability. This component can be added through the control panel. There is a remote code execution vulnerability in Microsoft Message Queuing. An unauthenticated remote attacker triggers this vulnerability by sending a specially crafted malicious MSMQ packet to the MSMQ server, and finally realizes remote code execution on the server side without user interaction. The CVSS score is 9.8.
2. Repair plan
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
Repair suggestions (choose one):
1. Download the vulnerability repair patch.
Visit the official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
Download the patch according to the operating system version, fix bugs
2. Turn off the MSMQ service to close the attack channel
Open Control Panel -> Programs and Features -> Enable or disable Windows functions -> Disable Microsoft Message Queuing (MSMQ) server
3. Configure firewall rules to disable 1801/TCP connections
Open Windows Firewall->Advanced Settings->Inbound Rules->New Rules->Disable 1801/TCP Connections
reboot to fix