Microsoft Message Queuing Remote Code Execution Vulnerability

Microsoft Message Queuing Remote Code Execution Vulnerability

CVE-2023-35349 is Critical remote code execution (RCE) vulnerabilities affecting Microsoft Message Queuing (MSMQ), and a CVSS score of 9.8.

MSMQ has been highlighted in the past blogs and continues to be patched. To successfully exploit this vulnerability, an attacker would have to send a specifically crafted malicious MSMQ packet to a MSMQ server, leading to remote code execution. This Windows component needs to be enabled for a system to be vulnerable. Microsoft recommends checking if the “Message Queuing” service is running and TCP port 1801 is listening on the machine; if service is running and not being utilized, consider disabling

Affected Systems

-

IoC’s

-

Recommended Solution(s)

-

CVE / CWE

CVE-2023-35349

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2023-35349
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.