Critical Flaws Exposed Microsoft Message Queuing Service to DoS Attacks

By Deeba Ahmed. This is a post from HackRead.com.

Researchers at the AI-powered security solutions provider FortiGuard Labs have been monitoring the Microsoft Message Queuing (MSMQ) service for the past few months. In an exclusive research report shared with Hackread.com, the company revealed details of multiple security vulnerabilities in the widely used message queuing service.

The vulnerabilities allow remote code execution and denial of service attacks (DoS attacks), mainly impacting Windows-based devices with MSMQ installed.

Vulnerability Details

FortiGuard Labs' research report, authored by Wayne Low and published on July 24, 2023, explains that the vulnerabilities have been categorized as critical. The details of each flaw are as follows:

The flaw allows an out-of-bounds read because some critical functions, including EodHeader, StreamIdSize, and OrderQueueSize, are not validated before they are accessed in the message header parser routine (CQmPacket::CQmPacket).

Researchers agree that this information disclosure exploit is implausible, but attackers can easily achieve a denial of service attack if the out-of-bounds read accesses an invalid address. FortiGuard Labs released the MS.Windows.Message.Queuing.Service.CVE-2023-28302.DoS signature to detect this flaw.

When the message header parser CQmPacket::CQmPacket doesn’t validate a message header with an arbitrary size, an out-of-bounds write occurs.

Further probing revealed that some message headers, for instance EodHeader, EodAckHeader, and CompoundMessageHeader, let attackers specify an arbitrary size/length that is improperly sanitized, in which case the message header parser's pointer (which is typically adjusted according to each header’s pre-defined data structure) gets adjusted to point to an arbitrary location.

This would be an invalid address and can cause memory corruption if the message header gets dereferenced later in the code. To detect this issue, FortiGuard Labs released the IPS signature MS.Windows.MSMQ.CVE-2023-21554.Remote.Code.Execution.
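The bug class described above, a parser that advances its pointer by an unvalidated size field, is shown here as an added example; it is not FortiGuard Labs' or Microsoft's code. The header layout (a 4-byte little-endian size followed by the body), the sample packets, and all names are hypothetical and do not reflect the real MSMQ wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (NOT the MSMQ format): [u32 LE size][size bytes of body]. */
typedef struct { const uint8_t *buf; size_t len; size_t off; } cursor_t;

/* Constructed samples: GOOD has bodies of 2 and 1 bytes; in BAD the second
 * header claims 0x1000 bytes although only 1 byte follows. */
static const uint8_t GOOD[] = { 2,0,0,0, 0xAA,0xBB, 1,0,0,0, 0xCC };
static const uint8_t BAD[]  = { 2,0,0,0, 0xAA,0xBB, 0x00,0x10,0,0, 0xCC };

/* Read the sender-controlled size field; fails if under 4 bytes remain. */
static int read_u32(const cursor_t *c, uint32_t *out) {
    if (c->len - c->off < 4) return -1;
    const uint8_t *p = c->buf + c->off;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

/* Unchecked: trusts the size field and returns where the cursor would land.
 * The offset is only computed here, never dereferenced. */
size_t advance_unchecked(const cursor_t *c) {
    uint32_t size;
    if (read_u32(c, &size) != 0) return c->off;
    return c->off + 4 + size;
}

/* Checked: compare the size with the bytes remaining. The subtraction form
 * cannot wrap, unlike testing off + 4 + size against len. */
int advance_checked(cursor_t *c) {
    uint32_t size;
    if (read_u32(c, &size) != 0) return -1;
    if (size > c->len - c->off - 4) return -1;   /* reject, cursor unchanged */
    c->off += 4 + (size_t)size;
    return 0;
}

/* Walk every header; returns the header count, or -1 for a malformed packet. */
int count_headers(const uint8_t *buf, size_t len) {
    cursor_t c = { buf, len, 0 };
    int n = 0;
    while (c.off < c.len) {
        if (advance_checked(&c) != 0) return -1;
        n++;
    }
    return n;
}

int main(void) {
    printf("good=%d bad=%d\n", count_headers(GOOD, sizeof GOOD), count_headers(BAD, sizeof BAD));
    return 0;
}
```
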

This issue was found through a manual code audit and occurs when the CompoundMessage header fails to run a sanity check on its data structure.

What is MSMQ?

MSMQ is a standalone Windows server hosted under MQSVC.EXE. Microsoft developed this proprietary messaging protocol along the lines of the open-source RabbitMQ so that applications running on different computers can communicate in a failsafe manner.

Messages that cannot reach their destination are placed in a queue and are resent when the destination is reachable. A typical MSMQ packet includes headers like BaseHeader, UserHeader, and MessagePropertiesHeader and may also include TransactionHeader, SecurityHeader, DebugHeader, and SessionHeader.

Fortinet urges customers to immediately identify network assets vulnerable to the abovementioned vulnerabilities and apply patches. The company notified Microsoft about these issues as part of its responsible disclosure practice. Microsoft promptly released patches in the April and July 2023 security updates.

Related news

CVE-2023-21554 QueueJumper - MSMQ Remote Code Execution Check

This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending an MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and depending on the length could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.

Microsoft Advisories Are Getting Worse

A predictable patch cadence is nice, but the software giant can do more.

Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP

Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2023, including vulnerabilities that were added between February and March Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. And this is […]

Update now! April’s Patch Tuesday includes a fix for one zero-day

One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month's Patch Tuesday updates. The post appeared first on Malwarebytes Labs.

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20

Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.

CVE-2023-28302

Microsoft Message Queuing Denial of Service Vulnerability

CVE-2023-21554

Microsoft Message Queuing Remote Code Execution Vulnerability

Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities

April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.
