QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service | allinfosecnews.com

April 17, 2023, 12:51 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Executive Summary

Check Point Research recently discovered three vulnerabilities in the “Microsoft Message Queuing” service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Tuesday update. The most severe of these, dubbed QueueJumper by CPR (CVE-2023-21554), is a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.

Check Point Research (CPR) is releasing this blog after the patch was implemented to …

april attackers awareness blog check check point code context critical critical vulnerability cve cve-2023-21554 defense executive insights malware analysis message microsoft mitigation msmq patch patch tuesday point process rce research service tuesday update vulnerabilities vulnerability windows

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Leveling the cybersecurity playing field an hour ago | malware.news

article blumira cybersecurity entry +4

Hardware cybersecurity leader, Flexxon, introduces Server Defender an hour ago | malware.news

advanced article cybersecurity defender +8

Automated pentesting in the cloud an hour ago | malware.news

article automated challenge cloud +10

How to revamp your cybersecurity in the middle of the chaos an hour ago | malware.news

article attackers chaos cybersecurity +8

6K-plus AI models may be affected by critical RCE vulnerability 3 hours ago | malware.news

ai models article attacks critical +14

Zscaler annual phishing report finds a near 60% increase in phishing attacks in 2023 4 hours ago | malware.news

article attacks link media +6

Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387 5 hours ago | malware.news

amp article cisa deepfakes +8

Exploring Adlumin's Impactful Role in SMB Cybersecurity with CEO Robert Johnson and NightDragon's Dave DeWalt 6 hours ago | malware.news

2024 rsa conference adlumin ceo challenges +22

Malicious Life Podcast: Unmasking Secrets: The Rise of Open-Source Intelligence 6 hours ago | malware.news

airlines data dive episode +19

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Cloud Security Engineer

@ Hearst | Charlotte, NC, United States

View on infosec-jobs.com

Junior Cybersecurity Analyst

@ SavageOne | Johannesburg, GP, South Africa

View on infosec-jobs.com

Information Security Risk Analyst

@ Take-Two Interactive Software, Inc. | Bengaluru, Karnataka, India

View on infosec-jobs.com