Warning: "Critical Vulnerability in Windows Message Queuing Service Exposes Hundreds of Thousands of Servers to Attacks"
A critical vulnerability has been discovered in the Windows Message Queuing (MSMQ) middleware service, which can potentially expose hundreds of thousands of systems to attacks. Security experts and researchers have warned Windows admins about the vulnerability, which has already been patched by Microsoft as part of the April Patch Tuesday release.
MSMQ is an optional component available on all Windows operating systems that gives apps network communication capabilities with guaranteed message delivery. However, the vulnerability (CVE-2023-21554) allows unauthenticated attackers to execute code remotely on unpatched Windows servers by sending carefully constructed malicious MSMQ packets.
The vulnerability affects all currently supported releases of Windows, including the latest versions - Windows 11 22H2 and Windows Server 2022. Check Point Research estimated that more than 360,000 Internet-exposed servers running the MSMQ service could be targeted, which may be a conservative estimate since devices running the service that aren't reachable over the Internet aren't included in the estimation.
Although the service is an optional Windows component that is not activated by default, it is utilized by other programs, so it is frequently toggled on in the background when enterprise apps are installed, and it continues to run long after those apps have been uninstalled. MSMQ is also automatically enabled during Exchange Server installs.
Since the vulnerability is low complexity and doesn't require user interaction, it is likely to be targeted by threat actors. Therefore, Microsoft advises admins to patch the vulnerability immediately, and companies that are unable to apply the patch can disable the MSMQ service to remove the attack vector. Firewall rules can also be used to block 1801/TCP connections from untrusted sources.
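The following PowerShell script is an added example, not code from Microsoft or Check Point: it reports whether MSMQ is installed and listening on 1801/TCP on the local host, then either disables the service or narrows the inbound firewall rules for that port. The `$TrustedSubnets` default is a constructed placeholder, and the firewall step assumes the default inbound policy is Block.

```powershell
# Added example: audit and mitigate MSMQ exposure on the local host (run elevated).
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$DisableService,                      # use when no application needs MSMQ
    [string[]]$TrustedSubnets = @('10.0.0.0/8')   # constructed sample value, replace
)

# The service behind "Message Queuing" is named MSMQ; absent means not installed.
$svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'MSMQ is not installed on this host.'
    return
}

# Report service state and whether anything is listening on 1801/TCP.
$listeners = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    ServiceStatus = $svc.Status
    StartType     = $svc.StartType
    Listening1801 = [bool]$listeners
    ListenAddress = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
}

if ($DisableService) {
    # Removes the attack vector entirely; -Force also stops dependent services.
    if ($PSCmdlet.ShouldProcess('MSMQ', 'Stop and disable service')) {
        Stop-Service -Name 'MSMQ' -Force
        Set-Service -Name 'MSMQ' -StartupType Disabled
    }
    return
}

# MSMQ must stay on: restrict enabled inbound allow rules that name port 1801.
# Rules with LocalPort 'Any' or a port range are not matched; review those by hand.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '1801' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

foreach ($rule in $rules) {
    $target = "Restrict RemoteAddress to $($TrustedSubnets -join ', ')"
    if ($PSCmdlet.ShouldProcess($rule.DisplayName, $target)) {
        $rule | Set-NetFirewallRule -RemoteAddress $TrustedSubnets
    }
}
```

Run it with `-WhatIf` first to see which service or firewall changes would be made without applying them.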
IMPORTANT POINTS
Conclusion: