PoC released for Microsoft Message Queuing Exploit

Microsoft's Message Queuing-MSMQ service, an integral part of the Windows operating system, has been found to harbor a serious security.

Identified as CVE-2023-21554 and ranked with a high CVSS score of 9,8, it is a critical threat for cyberattacks, allowing hackers to execute remotely and without any form of certification.


This discovery was made by the Check Point Research team, which reported the flaw to Microsoft. Fixed in the April Patch Tuesday update. However, the risk is far from completely eliminated.

MSMQ is a critical piece of the Windows infrastructure – a messaging and development platform designed to build connected, distributed messaging applications. It ensures guaranteed message delivery, efficient routing, security, trading and messaging based on priority.

Its flexible capabilities allow applications to communicate across a variety of networks and even with offline computers. But beneath this veneer of usefulness lay a sleeping dragon.

The vulnerability allowed an attacker to exploit the system via TCP port 1801, potentially gaining control of the entire process by simply sending a malicious y to this port, thus enabling the vulnerability. Malicious use enables remote access of code without needing any form of authorization and essentially opened Aeolus' pockets to possible .

“To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to an MSMQ server. This could lead to remote server-side code execution," Microsoft said.

Providing a technical analysis, researcher Zoemurmure developed a Proof-of-Concept (PoC) for exploiting the CVE-2023-21554 flaw. This PoC, by adapting itself to the target machine's IP address, was able to execute a process that caused the mqsvc.exe service process to crash. However, the sneaky nature of the exploit means that there would be no visible dialog information. One could only detect this anomaly through a process monitor, highlighting the stealth with which this vulnerability operates.

2023 21554

A point of code (PoC) has been made available for the CVE-2023-21554 vulnerability, making it imperative that users move quickly to apply fixes.

iGuRu.gr The Best Technology Site in Greecefgns


Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).