Microsoft Message Queuing Remote Code Execution Vulnerability

Recently, a remote code execution vulnerability in MSMQ was officially announced. It may affect business operations because of updates to network security equipment, and it deserves everyone's attention.

Overview of Microsoft Message Queuing

Microsoft Message Queuing (MSMQ) is an asynchronous transmission mode that lets multiple different applications communicate with each other. The communicating applications can be on the same machine or distributed at any location in a connected network. Its implementation principle is: the sender puts the information it wants to send into a container (called a Message) and saves it in a message queue (Message Queue) in the system's public space; the receiving program, whether local or remote, then takes the messages addressed to it out of the queue for processing.

Microsoft Message Queuing Vulnerability Description

Name:
Microsoft Message Queuing Remote Code Execution Vulnerability

Description:
Microsoft Message Queuing is prone to a remote code execution vulnerability while parsing certain crafted TCP requests. The vulnerability is due to the lack of proper checks on TCP requests, leading to an exploitable remote code execution vulnerability. An attacker could exploit the vulnerability by sending crafted TCP requests. A successful attack could lead to remote code execution with the privileges of the server.


CVE:
CVE-2023-21554

Reference:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2023-21554


How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to the MSMQ server. This could lead to remote code execution on the server side.

The Windows Message Queuing service is a Windows component, and it must be enabled on a system for that system to be exploitable through this vulnerability.

You can check to see if there is a service called "Message Queuing" running and listening on TCP port 1801 on that computer.
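
One way to run the check described above on the local machine, as an added example that is not part of the original article. It assumes Windows PowerShell 5.1 or later with the NetTCPIP cmdlets, and that the service's short name is MSMQ (display name "Message Queuing"); the function name Get-MsmqExposure is hypothetical.

```powershell
# Added example: local check for the Message Queuing service and its TCP listener.
# Assumption: the service short name is 'MSMQ' (display name "Message Queuing").

function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # MSMQ TCP port named in the article
    )

    # The service is absent entirely when the Windows component is not installed.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on the MSMQ port, with the owning process resolved.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        })

    # A wildcard bind (0.0.0.0 or ::) means the port is open on every interface.
    $wildcard = @($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceInstalled = [bool]$svc
        ServiceStatus    = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        StartType        = if ($svc) { [string]$svc.StartType } else { 'n/a' }
        Listening        = $listeners.Count -gt 0
        AllInterfaces    = $wildcard.Count -gt 0
        Listeners        = $listeners
        # Exposed here means: the service is running and the port has a listener.
        Exposed          = [bool]($svc -and $svc.Status -eq 'Running' -and $listeners.Count -gt 0)
    }
}

$result = Get-MsmqExposure
$result | Format-List ComputerName, ServiceInstalled, ServiceStatus, StartType, Listening, AllInterfaces, Exposed
$result.Listeners | Format-Table -AutoSize
```

A host that reports `Exposed : True` is one where the service is enabled and listening, which is the precondition the article describes.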

Microsoft Message Queuing Vulnerability Risk Description

Impact: Remote Code Execution

Maximum Severity: Critical

Complete loss of confidentiality, resulting in the disclosure of all resources within the affected component to the attacker. Alternatively, the attacker gains access to only limited information, but the disclosure of that information has immediate, serious repercussions.

Complete loss of integrity, or complete loss of protection. For example, an attacker would be able to modify any or all files protected by the affected component. Alternatively, only some files can be modified, but the malicious modification can have immediate, severe consequences for the affected component.

Complete loss of availability, resulting in the attacker being able to completely deny access to resources in the affected component; this loss is either ongoing (while the attacker continues the attack) or persistent (the condition remains even after the attack is complete). Alternatively, the attacker has the ability to deny some availability, but the loss of availability has immediate, severe consequences for the affected component (e.g., the attacker cannot destroy existing connections, but new connections can be blocked; or the attacker can repeatedly exploit a vulnerability that leaks only a small amount of memory in each successful attack, but that leads to complete service unavailability after repeated exploitation).

Microsoft Message Queuing Vulnerability Fixes

Critical denial-of-service and remote code execution vulnerabilities have continued to appear in Microsoft Message Queuing recently, so readers should pay special attention.


Origin blog.csdn.net/weixin_37813152/article/details/132450950