Heimdal
Home > Cybersecurity News

MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers

All Versions from Windows Server 2008 to Windows 10 Are Vulnerable.

Last updated on June 12, 2024

article featured image

Contents:

On June 11th, Microsoft announced fixing a critical RCE vulnerability in their Message Queuing (MSMQ) technology.

The flaw is tracked CVE-2024-30080 and has a CVSS score of 9.8 out of 10. Security researchers say threat hackers can exploit it remotely to take over Microsoft Servers.

Why patch the MSMQ RCE vulnerability immediately

The flaw only impacts Windows and Windows Server installations that have the Message Queuing Service enabled. This network security threat has a low attack complexity and needs no privileges. The fact that hackers don’t need authentication or user interaction to exploit it makes the flaw more likely to be used.

According to Microsoft, successful exploiting the MSMQ RCE vulnerability can have a high impact on data integrity.

Hackers can exploit CVE-2024-30080 by sending a crafted malicious MSMQ packet to a MSMQ server, via TCP port 1801. Thus, they can obtain remote code execution on the server side.

Patch or disable to stay safe

If you don’t necessarily need to keep port 1801 open, disable it to avoid an attack. Installing only the apps that you need for fulfilling a certain task and closing all the ports you don’t use are strong prevention measures.

However, if you do need to use port 1801 on your Windows server, prioritize applying the available patch for CVE-2024-30080.

Patching in time closes the vulnerability and reduces the attack surface.

System Administrator Alex Panait says that not all Windows updates are deployed automatically:

If you’re not aware this is happening and you need to act, the vulnerability will remain open for hackers to exploit it.  Microsoft can push all updates. But you need a centralized location to manage the updates and make sure they get installed.

This makes the patching process a time and resources consuming task, especially in large infrastructures. But an automated patch management tool, like Heimdal’s, can help close flaws in only a few clicks. Get in touch for a quick, free demo.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Heimdal Official Logo
Automate your patch management routine.

Heimdal® Patch & Asset Management Software

Remotely and automatically install Windows, Linux and 3rd party application updates and manage your software inventory.
  • Schedule updates at your convenience;
  • See any software assets in inventory;
  • Global deployment and LAN P2P;
  • And much more than we can fit in here...
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

A System Administrator’s Challenges in Patch ManagementThe 7 Key Steps of the Effective Patch Management Process12 Best Vulnerability Management Systems & Tools 2024Automated Patch Management Explained: Definition, Benefits, Best Practices & MoreWhat Is Patch Management? Definition, Process, Benefits, and Best Practices [UPDATED 2024]Attack Surface Management: Definition, Importance, and Implementation

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V