Patch Tuesday – Microsoft Message Queueing vulnerability
This live blog contains information regarding a vulnerability in Patch Tuesday – Microsoft Message Queueing. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on August 9, 2023.
T-Update
This live blog contains information regarding a vulnerability in Patch Tuesday – Microsoft Message Queueing. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on August 9, 2023.
Update 8 August 2023
15:00 | During the patch Tuesday of August 2023, Microsoft has fixed three vulnerabilities in the Microsoft Message Queuing service. The vulnerabilities are registered as CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911. They allow a remote unauthenticated attacker to execute arbitrary code by sending a specially crafted network packet to the Microsoft Message Queueing service.
This relative unknown Microsoft component is part of the standard installation of Microsoft Exchange servers.
Microsoft has published security patches for the vulnerability. It is advised to apply the security patches as soon as possible. Additionally, it is advised not to expose the service on the internet.
Achtergrond
During the patch Tuesday of August 2023, Microsoft has fixed three vulnerabilities in the Microsoft Message Queuing service. The vulnerabilities are registered as CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911. They allow a remote unauthenticated attacker to execute arbitrary code by sending a specially crafted network packet to the Microsoft Message Queueing service. This relative unknown Microsoft component is part of the standard installation of Microsoft Exchange servers. Microsoft has published security patches for the vulnerability. It is advised to apply the security patches as soon as possible. Additionally, it is advised not to expose the service on the internet.
Risico
The vulnerabilities CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911 have a CVSSv3-score of 9.8. The CVSS-scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. All three vulnerabilities are unauthenticated remote code execution vulnerabilities, allowing an unauthenticated remote attacker to execute code.
The vulnerability can be exploited by sending a special crafted network packet to the Microsoft Message Queueing service on port 1801/TCP. Depending on the use case of the service, the impact can be significant. The Microsoft Message Queueing service is part of a standard Microsoft Exchange server installation.
Advies
The vulnerability exists in all supported versions of Microsoft Windows with the Microsoft Message Queueing Service installed. Microsoft has published patches as part of the Patch Tuesday of August 2023. Additionally, it is advised not to publicly expose port 1801/TCP, which is used by the service.
More details can be found in the Microsoft update guide:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35385
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36910
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36911
If any suspicious or malicious activity is detected in relation to this article, please contact T-CERT. The Tesorion Computer Emergency Response Team offers specialist support 24/7. In emergencies, we immediately conduct an initial assessment by telephone and do all we can to get the situation under control as soon as possible.
Schrijf je in voor T-Updates
Ontvang elke woensdag het laatste nieuws over malware of kwetsbaarheden in je mail
More than 1,000 organizations have already joined us.
