Windows administrators should quickly apply for “very important“A security vulnerability in the Microsoft Message Queuing Service (MSMQ) in Windows and Windows Server. If the attacks are successful, attackers can execute malicious code and completely compromise systems.
Gap
The vulnerability (CVE-2023-21554) was closed in Patchday in April. As a prerequisite for attacks, the MSMQ server must be active, which is not the case by default. However, the service is often activated in the context of Exchange installations, so the gap should not be underestimated. To check if systems are vulnerable, administrators should check if Message Queuing is running and listening on TCP port 1801. According to a warning from Microsoft Among others, Windows 10, 11, and several versions of Windows Server such as 20H2 are affected.
Message Queuing is a messaging infrastructure and development platform. Message queuing applications can use this to communicate with computers that may not be connected to the Internet. The service is designed to ensure that messages are delivered.
Checkpoint security researchers discovered the vulnerability. According to them, attackers would just have to send their exploit code to TCP port 1801 of the MSMQ servers to launch an attack.
Patch now!
According to surveys by Shadowsever, the MSMQ service is publicly available on more than 400,000 Windows systems worldwide. If these systems are not fixed yet, attackers can attack. The majority of these can be found in Hong Kong with 160,000 cases. In the United States, there are about 57,000. Approximately 8,000 systems are publicly available in Germany.
(to)
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”
More Stories
Microsoft is preparing a new AI model to compete with Google and OpenAI, The Information reports
These are the four new Instagram story stickers
Spotify embeds functionality into premium subscription – customers are frustrated