Contents:
On June 11th, Microsoft announced fixing a critical RCE vulnerability in their Message Queuing (MSMQ) technology.
The flaw is tracked CVE-2024-30080 and has a CVSS score of 9.8 out of 10. Security researchers say threat hackers can exploit it remotely to take over Microsoft Servers.
Why patch the MSMQ RCE vulnerability immediately
The flaw only impacts Windows and Windows Server installations that have the Message Queuing Service enabled. This network security threat has a low attack complexity and needs no privileges. The fact that hackers don’t need authentication or user interaction to exploit it makes the flaw more likely to be used.
According to Microsoft, successful exploiting the MSMQ RCE vulnerability can have a high impact on data integrity.
Hackers can exploit CVE-2024-30080 by sending a crafted malicious MSMQ packet to a MSMQ server, via TCP port 1801. Thus, they can obtain remote code execution on the server side.
Patch or disable to stay safe
If you don’t necessarily need to keep port 1801 open, disable it to avoid an attack. Installing only the apps that you need for fulfilling a certain task and closing all the ports you don’t use are strong prevention measures.
However, if you do need to use port 1801 on your Windows server, prioritize applying the available patch for CVE-2024-30080.
Patching in time closes the vulnerability and reduces the attack surface.
System Administrator Alex Panait says that not all Windows updates are deployed automatically:
If you’re not aware this is happening and you need to act, the vulnerability will remain open for hackers to exploit it. Microsoft can push all updates. But you need a centralized location to manage the updates and make sure they get installed.
This makes the patching process a time and resources consuming task, especially in large infrastructures. But an automated patch management tool, like Heimdal’s, can help close flaws in only a few clicks. Get in touch for a quick, free demo.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Heimdal® Patch & Asset Management Software
- Schedule updates at your convenience;
- See any software assets in inventory;
- Global deployment and LAN P2P;
- And much more than we can fit in here...