Remote Code Execution Vulnerability Affects Microsoft MSMQ
CVE-2024-30080

9.8CRITICAL

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
11 June 2024

Badges

📈 Trended📈 Score: 5,230👾 Exploit Exists🟣 EPSS 15%📰 News Worthy

What is CVE-2024-30080?

CVE-2024-30080 is a critical remote code execution vulnerability found in Microsoft Message Queuing (MSMQ), a messaging protocol that facilitates communication between distributed applications. This vulnerability could allow malicious actors to execute arbitrary code on affected systems, potentially leading to significant disruptions within organizations. Given the essential role MSMQ plays in handling message delivery across applications, a successful exploitation of this vulnerability could compromise system integrity and lead to unauthorized access to sensitive data.

Technical Details

The vulnerability occurs due to improper handling of message queuing processes, allowing attackers to send specially crafted messages that trigger unexpected behavior in the MSMQ service. Exploiting this flaw requires network access, which means that the attacker must have the capability to send messages to the MSMQ service. The underlying software architecture and mechanisms used in MSMQ contribute to this vulnerability, as they may not adequately validate input from external sources.

Impact of the Vulnerability

  1. Remote Code Execution: Exploiting CVE-2024-30080 can lead to unauthorized execution of arbitrary code. This could allow attackers to take control of the affected systems, compromising their operation and security.

  2. Data Breach Potential: With the ability to execute code remotely, attackers can gain access to sensitive information stored in the system. This raises the risk of data breaches and the potential for sensitive data to be stolen or manipulated.

  3. System Downtime and Disruption: The exploitation of this vulnerability could result in systems being rendered inoperative or unstable, leading to significant operational disruptions for organizations relying on MSMQ for crucial tasks. This could impact business continuity and result in financial losses.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20680

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7070

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5936

News Articles

favicon imageThe Stack

Microsoft updates mitigation for “wormable” CVE-2024-30080

Microsoft has updated its mitigation guidance for CVE-2024-30080 – a critical remote code execution (RCE) server side vulnerability in MSMQ that...

favicon imageSpiceworks

June 2024 Patch Tuesday - Spiceworks

Only one of the 51 patches released by Microsoft on June Patch Tuesday for a publicly known zero-day exploit.

favicon imageGBHackers on Security

Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw

Microsoft has disclosed two Critical remote code execution vulnerabilities that existed in MSMQ (Microsoft Message Queuing) and Windows

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

.