Hundreds of Thousands of Windows Systems Vulnerable to QueueJumper Bug in MSMQ
Check Point Research (CPR) recently discovered three vulnerabilities in Microsoft Message Queuing (MSMQ), a service that enables asynchronous communication between applications (for example, between systems that are sometimes offline). Although MSMQ is not enabled by default and the bugs have been fixed since last Patch Day, hundreds of thousands of systems still appear to be vulnerable. The bugs have been assigned the identifiers CVE-2023-21554, CVE-2023-21769, and CVE-2023-28302, with scores of 9.8, 7.5, and 7.5 out of 10, respectively. The first is called QueueJumper and is categorized as critical given its high rating: attackers can use modified MSMQ packets to execute malicious code on MSMQ-enabled systems. CPR recommends applying the appropriate security updates as soon as possible. If this is not possible, system administrators should verify whether the Message Queuing service is being used and whether TCP port 1801 is open. Check Point has determined that this is the case for more than 360,000 systems. According to Shadowserver, there are no fewer than 403,000 vulnerable configurations, the vast majority of which are based in Hong Kong, South Korea and the US.
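The verification step above, written out as an added example (not code from Check Point or Microsoft): a PowerShell function that reports, for the local host, whether the Message Queuing service is present and running and whether anything is listening on TCP port 1801. It assumes the service name `MSMQ` and the `Get-NetTCPConnection` cmdlet from the NetTCPIP module; the function name `Get-MsmqExposure` is hypothetical.

```powershell
# Added example: local MSMQ exposure check. Run in an elevated session so
# owning process names resolve. The function name is hypothetical.
function Get-MsmqExposure {
    [CmdletBinding()]
    param([int]$Port = 1801)   # TCP port named in the article

    # 'MSMQ' is the service name behind the "Message Queuing" display name.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Sockets in Listen state on the port, and the processes that own them.
    $listen = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $owners = @($listen | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique)

    # Established sessions hint at whether the queue is actually in use.
    $peers = @(Get-NetTCPConnection -State Established -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object { $_.RemoteAddress } | Sort-Object -Unique)

    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $finding = if ($listen.Count -gt 0 -and $peers.Count -gt 0) {
        'Listening and in use: apply the security update'
    } elseif ($listen.Count -gt 0) {
        'Listening, no current peers: apply the update and confirm MSMQ is needed'
    } elseif ($running) {
        'Service running but nothing listening on the port: check its bindings'
    } elseif ($svc) {
        'Service installed but not running'
    } else {
        'Message Queuing service not installed'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ServicePresent = [bool]$svc
        ServiceStatus  = if ($svc) { [string]$svc.Status } else { $null }
        StartType      = if ($svc) { [string]$svc.StartType } else { $null }
        Listening      = $listen.Count -gt 0
        LocalAddresses = @($listen | ForEach-Object { $_.LocalAddress } | Sort-Object -Unique)
        OwningProcess  = $owners
        CurrentPeers   = $peers
        Finding        = $finding
    }
}

Get-MsmqExposure | Format-List
```

A listener bound to `0.0.0.0` or `::` in `LocalAddresses` accepts connections on every interface, so whether the port is reachable from outside then depends on the host and network firewalls.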