In the latest Patch Tuesday, on June 11, 2024 Microsoft disclosed fixing a substantial number of flaws, including a remote code execution vulnerability in Microsoft Message Queuing (MSMQ). It plagues the selection of Windows and Windows Server versions, including ones that reached end of life to the moment. At the time, no exploitation facts were detected, though it is always the matter of time for this to happen after the official disclosure.
Critical MSMQ RCE Vulnerability Fixed
In the second Patch Tuesday of July 2024, Microsoft reported about fixing 51 vulnerabilities. Among them, one particular flaw draws attention, mainly due to the excessively high CVSS rating of 9.8. The flaw in MSMQ affects a huge selection of Windows and Windows Server versions, starting from Windows Server 2008.
Vulnerability coined CVE-2024-30080 sits in the way MSMQ server handles the messages. Due to an improper behavior of the memory used in the request handling, it is possible to make the server run the code from the message. Message Queuing system is a built-in Windows messaging protocol that allows communication between applications that are running on different machines in the same network. A hacker can send a specially crafted message, that will force MSMQ on the receiving end to execute code, ingrained into the message.
Remote code execution flaws are among the most severe vulnerabilities, due to the variety of effects they can lead to. This one, however, has its severity buffed even more due to how easy it can be exploited. Adversaries do not need any authentication, so CVE-2024-30080 may easily become an entry point. Even though there are no known exploitation cases, as I’ve said in the introduction, they will likely appear – and even Microsoft acknowledges this.
Microsoft Releases Fixes for CVE-2024-30080
As the vulnerability was disclosed within the course of a Patch Tuesday, it immediately got a fix. Microsoft offers an update to all affected Windows versions, even ones that have already reached end of life. For consumer versions, they start from Windows 10 1607 – one of the earliest major updates to W10.
How dangerous is it for home users? Not really. MSMQ is an optional feature that system administrators will activate during the setup of the messaging system. It is not likely for home users to have this thing present in the system in any way. However, this may not be true for someone who moved their office workstation home, keeping all the settings unchanged. In any case, installing security updates for Windows as they appear is a good practice.
