CVE-2023-21554

Published: 11/04/2023 Updated: 19/04/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Microsoft Message Queuing Remote Code Execution Vulnerability

Vulnerable Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows server 2019 -

microsoft windows server 2022 -

microsoft windows 10 20h2

microsoft windows 11 21h2

microsoft windows 10 21h2

microsoft windows 11 22h2

microsoft windows 10 22h2

microsoft windows 10 1809

microsoft windows 10 1607

Vendor Advisories

Check Point Reference: CPAI-2023-0216 Date Published: 11 Apr 2023 Severity: Critical ...

Exploits

This module checks the provided hosts for the CVE-2023-21554 vulnerability by sending an MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and d ...

Metasploit Modules

CVE-2023-21554 - QueueJumper - MSMQ RCE Check

This module checks the provided hosts for the CVE-2023-21554 vulnerability by sending an MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and, depending on the length, could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.

msf > use auxiliary/scanner/msmq/cve_2023_21554_queuejumper
msf auxiliary(cve_2023_21554_queuejumper) > show actions
    ...actions...
msf auxiliary(cve_2023_21554_queuejumper) > set ACTION <action-name>
msf auxiliary(cve_2023_21554_queuejumper) > show options
    ...show and set options...
msf auxiliary(cve_2023_21554_queuejumper) > run

Github Repositories

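CVE-2023-21554 Windows MessageQueuing PoC; for the analysis see https://www.zoemurmure.top/posts/cve_2023_21554/

CVE-2023-21554-PoC: CVE-2023-21554 Windows MessageQueuing PoC; for the analysis see https://www.zoemurmure.top/posts/cve_2023_21554/. Before running the PoC file, you need to change the target machine's IP address yourself. The sign of PoC success is the crash of the mqsvc.exe process; there is no pop-up message, so it has to be observed in a process-monitor-like program.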

CVE-2023-21554-PoC: CVE-2023-21554 Windows MessageQueuing PoC. The sign of PoC success is the crash of the mqsvc.exe process; there is no pop-up message, so it needs to be seen in a process-monitor-like program. Execute the command in Windows Terminal or Command Prompt: python poc.py. Enter the IP address of the victim PC and hit Enter.

Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting

KustQueryLanguage_kql: Cyber Defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting. Use at your own risk. Some queries have been tested and verified within the lab. Others have resulted from research into threat reports or those shared by researchers with the community. MITRE ATT&CK Mapping: Initial Access (Technique, Description, Link, Tag)

Recent Articles

April Patch Tuesday: Ransomware gangs already exploiting this Windows bug
The Register

Plus Google, SAP, Adobe and Cisco emit fixes

Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware. Redmond deemed seven of the now-patched vulnerabilities "critical" and the rest merely "important." Microsoft, as usual, didn't disclose the extent of attacks against CVE-2023-28252, a privilege elevation bug in the Windows Common Log File System (CLFS) driver, infosec folk say they've spotted attempts to deploy the No...

Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot
The Register

Or so says opsec firm, which confirms 70% of all industrial org ransomware in 2023 targeted manufacturers

Analysis Cybercriminals follow the money, and increasingly last year that led them to ransomware attacks against the manufacturing industry. Operational technology security firm Dragos, in its 2023 year-in-review report [PDF], found 70 percent of all industrial org ransomware infections hit manufacturing companies.  Specifically: 638 entities across 33 unique manufacturing subsectors fell victim to ransomware last year. "Sure, we're seeing [attacks against] oil and gas and electric, but man...