QID 730967

Date Published: 2023-12-19

QID 730967: Microsoft Windows Message Queuing Remote Code Execution (RCE) Vulnerability (QueueJumper)

Microsoft Windows Message Queuing is vulnerable to Remote Code Execution Vulnerability. (CVE-2023-21554)

KB articles associated with the update:
KB5025285
KB5025288
KB5025287
KB5025272
KB5025279
KB5025277
KB5025271
KB5025273
KB5025228
KB5025234
KB5025221
KB5025239
KB5025224
KB5025230
KB5025229

QID Detection Logic (Unauthenticated):
This QID sends a crafted payload to MSMQ server to check for a vulnerable target.

Successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code remotely.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.
    • Solution
    Please refer to the following KB articles associated with the update:
    KB5025285
    KB5025288
    KB5025287
    KB5025272
    KB5025279
    KB5025277
    KB5025271
    KB5025273
    KB5025228
    KB5025234
    KB5025221
    KB5025239
    KB5025224
    KB5025230
    KB5025229

    Vendor References

    CVEs related to QID 730967

    CVE-2023-21554 |
    Software Advisories
    Advisory ID Software Component Link
    KB5025221 URL Logo support.microsoft.com/en-in/help/5025221
    KB5025224 URL Logo support.microsoft.com/en-in/help/5025224
    KB5025228 URL Logo support.microsoft.com/en-in/help/5025228
    KB5025229 URL Logo support.microsoft.com/en-in/help/5025229
    KB5025230 URL Logo support.microsoft.com/en-in/help/5025230
    KB5025234 URL Logo support.microsoft.com/en-in/help/5025234
    KB5025239 URL Logo support.microsoft.com/en-in/help/5025239
    KB5025271 URL Logo support.microsoft.com/en-in/help/5025271
    KB5025272 URL Logo support.microsoft.com/en-in/help/5025272
    KB5025273 URL Logo support.microsoft.com/en-in/help/5025273
    KB5025277 URL Logo support.microsoft.com/en-in/help/5025277
    KB5025279 URL Logo support.microsoft.com/en-in/help/5025279
    KB5025285 URL Logo support.microsoft.com/en-in/help/5025285
    KB5025287 URL Logo support.microsoft.com/en-in/help/5025287
    KB5025288 URL Logo support.microsoft.com/en-in/help/5025288
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].