Hundreds of Thousands of Windows Systems at Risk: Urgent Patch Needed for QueueJumper Vulnerability

Patch now! QueueJumper vulnerability puts hundreds of thousands of Windows systems at risk

Attention Windows admins! There is a critical vulnerability in the Microsoft Message Queuing Service (MSMQ) that needs to be addressed immediately. Left unpatched, it allows attackers to execute malicious code and compromise systems entirely. The vulnerability, also known as CVE-2023-21554, was closed on Patchday in April. An attack only works if the MSMQ service is active, which is not the case by default. However, the service is often activated as part of Exchange installations, making the gap quite significant.

To find out whether a system is exposed, admins must check whether the “Message Queuing” service is running and listening on TCP port 1801. According to a warning from Microsoft, several Windows versions, including Windows 10, 11, and Windows Server 20H2, are affected. Message Queuing is a messaging infrastructure and development platform that enables message-queue applications to communicate with offline PCs and guarantees message delivery.
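The check described above, written out as an added PowerShell example (not from the original article or from Microsoft). `Test-MsmqExposure` is a hypothetical function name, `MSMQ` is the service name behind the "Message Queuing" display name, and remote hosts are assumed to have PowerShell remoting enabled.

```powershell
# Added example: report whether MSMQ is installed, running, and bound to TCP 1801.
# Test-MsmqExposure is a hypothetical helper name, not a built-in cmdlet.
function Test-MsmqExposure {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $check = {
        # Service is absent unless the Message Queuing feature was installed.
        $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

        # Listening sockets on 1801; empty array when nothing is bound to the port.
        $listeners = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)

        # Resolve which process owns each listener, to confirm it is really MSMQ.
        $owners = foreach ($l in $listeners) {
            (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }

        [pscustomobject]@{
            Host            = $env:COMPUTERNAME
            MsmqInstalled   = [bool]$svc
            ServiceStatus   = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
            StartType       = if ($svc) { "$($svc.StartType)" } else { $null }
            Listening1801   = $listeners.Count -gt 0
            ListenAddresses = ($listeners | ForEach-Object LocalAddress | Sort-Object -Unique) -join ', '
            ListenerProcess = ($owners | Where-Object { $_ } | Sort-Object -Unique) -join ', '
            # Patch first (or disable the service if unused): running and port bound.
            NeedsAttention  = [bool]($svc -and $svc.Status -eq 'Running' -and $listeners.Count -gt 0)
        }
    }

    foreach ($name in $ComputerName) {
        if ($name -eq $env:COMPUTERNAME) {
            & $check
        } else {
            Invoke-Command -ComputerName $name -ScriptBlock $check |
                Select-Object -Property * -ExcludeProperty PSComputerName, RunspaceId
        }
    }
}

Test-MsmqExposure | Format-List
```

A host that reports `MsmqInstalled = True` with the service stopped is not reachable on 1801 right now, but the `StartType` column shows whether it will come back after a reboot.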

The vulnerability was discovered by Check Point security researchers, who state that attackers need to send their exploit code to TCP port 1801 of an MSMQ server to trigger an attack. Admins must therefore patch their systems as soon as possible to prevent attackers from exploiting the vulnerability.

According to scans by Shadowserver, the MSMQ service is publicly available on over 400,000 Windows systems worldwide. If these systems are not yet patched, attackers could quickly strike. A majority of these vulnerable systems can be found in Hong Kong, with 160,000 instances. The US has around 57,000 vulnerable systems, while almost 8,000 systems are publicly accessible in Germany.

In conclusion, Windows admins must take action immediately to patch their systems against the MSMQ vulnerability. Failure to do so could allow attackers to execute code and compromise the system entirely. Be vigilant, and stay updated on the latest security alerts to ensure a safe computing experience.
