Microsoft Message Queue (MQ) Severe Vulnerability
April 12th, 2023
Recent research has discovered three new vulnerabilities in the Microsoft Message Queuing (MSMQ) service, which is a component of Microsoft’s heavily utilized .NET development platform.
MSMQ helps ensure messages are delivered reliably and in order, even if there are problems with the network or the computer. These MSMQ vulnerabilities currently impact all Windows operating systems including the latest Windows Server 2022 and Windows 11.
The most severe vulnerability, dubbed “QueueJumper,” can allow an attacker to remotely take over the MSMQ process on a vulnerable system by sending a specially crafted message, resulting in remote code execution.
When the Windows Message Queuing service is enabled, an attacker who successfully exploits this vulnerability could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
The vulnerabilities are:
- CVE-2023-21554 (QueueJumper) — Unauthorized Remote Code Execution
- CVE-2023-21769 — Unauthorized Remote Application-Level DoS (service crash)
- CVE-2023-28302 — Unauthorized Remote Kernel Level DoS (Windows BSOD)
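Because exposure depends on the Windows Message Queuing service being enabled, that precondition can be checked per host. The following PowerShell is an added example, not Acreto's or Microsoft's code; it assumes the default service name `MSMQ` and the default MSMQ listener port TCP 1801, neither of which is stated on this page.

```powershell
# Added example: report whether this host is running and exposing MSMQ.
# Assumptions: service name 'MSMQ' and TCP port 1801 are the Windows defaults.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # default MSMQ listener port (assumed unchanged on this host)
    )

    # A missing service means the optional Message Queuing feature is not installed.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Sockets in the Listen state on the MSMQ port, if any.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)

    # A wildcard bind means the port is reachable on every interface of the host.
    $wildcard = @($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' })

    # Enabled inbound allow rules that name the port explicitly.
    # Rules using port ranges or 'Any' are not evaluated here.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
        })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceInstalled  = [bool]$svc
        ServiceStatus     = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        StartType         = if ($svc) { "$($svc.StartType)" } else { $null }
        Listening         = $listeners.Count -gt 0
        AllInterfaces     = $wildcard.Count -gt 0
        InboundAllowRules = $rules.DisplayName
        # Exposed = service running and a listener present on the MSMQ port.
        Exposed           = [bool]($svc -and $svc.Status -eq 'Running' -and $listeners.Count -gt 0)
    }
}

Get-MsmqExposure
```

Hosts that report `Exposed = True` without a business need for MSMQ are candidates for disabling the service, and the rest for patching and for the isolation described below.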
Acreto Solution
Isolate the Internet and Internal Attack Surface
Acreto’s Ecosystem security addresses this vulnerability by segmenting and isolating these systems so that there is no exposure to any attack surface from the Internet or even other internal systems. The host systems are accessible only for users, devices, systems and applications that need to interoperate with them.
Prevent Unauthorized Access for Authorized Systems
Moreover, for Ecosystem members that do need to interoperate with the systems hosting MSMQ, Acreto can limit the application protocols and application programs to only those they are entitled and authorized to use and nothing else.
Perform Threat and Integrity Validation for Authorized Systems with Authorized Access
For Ecosystem members that need to communicate with one another using MSMQ, Acreto can ensure the integrity of the communications and mitigate any malicious communication attempts.
Planning Time: 1 Hour
Deployment Time: 2-4 Hours
About Acreto
Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.