Attacker Value
High
(2 users assessed)
Exploitability
Moderate
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
5

CVE-2024-30080

Disclosure Date: June 11, 2024
CVE-2024-30080 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Validated
Initial Access
Techniques
Validation
Validated
Persistence
Techniques
Validation
Validated

Description

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Add Assessment

4
Ratings
  • Attacker Value
    High
  • Exploitability
    Low
Common in enterpriseUnauthenticatedDifficult to weaponize
Technical Analysis

This vulnerability flew under my radar until I saw the results of the 2024 pwnie awards and couldn’t help but notice how it won the award for “Best RCE”. This vulnerability in the Microsoft Messaging Queue Service is a critical pre-authenticated remote code execution vulnerability with a CVSS score of 9.8. It affects all Windows versions from Server 2008 to Server 2022, and Windows 10 and 11, the flaw stems from a use-after-free issue triggered via an HTTP-based protocol. The vulnerable object is fully controllable, heightening the exploitation risk. Notably, the bug was discovered through an overlooked RPC client pattern.

By default MSMQ is not enabled on Windows. However, when you install popular applications such as Microsoft Exchange, it gets enabled during the installation process. Given popularity of the service among common applications a scan of the internet last year by CheckPointResearch found that ~360,000 IPs have the 1801/tcp open to the Internet and are running the MSMQ service.

Currently there is no publicly available PoC, however if one were to be released I would assume we would see exploitation in the wild, given the large internet facing footprint of MSMQ.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Windows 10 Version 1809 10.0.17763.5936
Windows Server 2019 10.0.17763.5936
Windows Server 2019 (Server Core installation) 10.0.17763.5936
Windows Server 2022 10.0.20348.2527
Windows 11 version 21H2 10.0.22000.3019
Windows 10 Version 21H2 10.0.19044.4529
Windows 11 version 22H2 10.0.22621.3737
Windows 10 Version 22H2 10.0.19045.4529
Windows 11 version 22H3 10.0.22631.3737
Windows 11 Version 23H2 10.0.22631.3737
Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.950
Windows 10 Version 1507 10.0.10240.20680
Windows 10 Version 1607 10.0.14393.7070
Windows Server 2016 10.0.14393.7070
Windows Server 2016 (Server Core installation) 10.0.14393.7070
Windows Server 2008 Service Pack 2 6.0.6003.22720
Windows Server 2008 Service Pack 2 (Server Core installation) 6.0.6003.22720
Windows Server 2008 Service Pack 2 6.0.6003.22720
Windows Server 2008 R2 Service Pack 1 6.1.7601.27170
Windows Server 2008 R2 Service Pack 1 (Server Core installation) 6.1.7601.27170
Windows Server 2012 6.2.9200.24919
Windows Server 2012 (Server Core installation) 6.2.9200.24919
Windows Server 2012 R2 6.3.9600.22023
Windows Server 2012 R2 (Server Core installation) 6.3.9600.22023
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • microsoft

Products

  • windows 10 1507,
  • windows 10 1607,
  • windows 10 1809,
  • windows 10 21h1,
  • windows 11 21h2,
  • windows 11 22h2,
  • windows 11 23h2,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows server 2016 -,
  • windows server 2019,
  • windows server 2022,
  • windows server 2022 23h2

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis