Attacker Value
High
(2 users assessed)
Exploitability
Moderate
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
5

CVE-2024-30080

Disclosure Date: June 11, 2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Initial Access
Techniques
Validation
Validated
Persistence
Techniques
Validation
Validated

Description

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Add Assessment

4
Ratings
  • Attacker Value
    High
  • Exploitability
    Low
Technical Analysis

This vulnerability flew under my radar until I saw the results of the 2024 pwnie awards and couldn’t help but notice how it won the award for “Best RCE”. This vulnerability in the Microsoft Messaging Queue Service is a critical pre-authenticated remote code execution vulnerability with a CVSS score of 9.8. It affects all Windows versions from Server 2008 to Server 2022, and Windows 10 and 11, the flaw stems from a use-after-free issue triggered via an HTTP-based protocol. The vulnerable object is fully controllable, heightening the exploitation risk. Notably, the bug was discovered through an overlooked RPC client pattern.

By default MSMQ is not enabled on Windows. However, when you install popular applications such as Microsoft Exchange, it gets enabled during the installation process. Given popularity of the service among common applications a scan of the internet last year by CheckPointResearch found that ~360,000 IPs have the 1801/tcp open to the Internet and are running the MSMQ service.

Currently there is no publicly available PoC, however if one were to be released I would assume we would see exploitation in the wild, given the large internet facing footprint of MSMQ.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • windows 10 1507,
  • windows 10 1607,
  • windows 10 1809,
  • windows 10 21h1,
  • windows 11 21h2,
  • windows 11 22h2,
  • windows 11 23h2,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows server 2016 -,
  • windows server 2019,
  • windows server 2022,
  • windows server 2022 23h2

Additional Info

Technical Analysis