Critical Flaws Found in Microsoft Message Queuing Service

Written by

Three vulnerabilities have been discovered within the Microsoft Message Queuing (MSMQ) service – a proprietary messaging protocol designed to enable secure communication between applications running on separate computers.

FortiGuard Labs, the cybersecurity research arm of Fortinet, described the flaws in an advisory published on Monday.

The first of them resulted from a lack of proper validation in the message header parser routine. Attackers could exploit this flaw to trigger an out-of-bounds read, potentially causing denial-of-service attacks by accessing invalid memory addresses.

Read more on similar vulnerabilities: TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices

“Based on our analysis, an information disclosure exploit seems implausible,” Fortinet clarified. “However, a denial-of-service attack can be achieved when the out-of-bound read accesses an invalid address.”

The second vulnerability occurred due to inadequate validation of message headers with arbitrary sizes. 

“Since some message headers are not being validated, the pointer can be adjusted to point to an arbitrary location, an invalid address in this context, and potentially cause memory corruption when the pointer to the message header is dereferenced in the later part of the code,” reads the advisory.

The final vulnerability resulted from a malformed data structure in the CompoundMessage header. Attackers leveraged this vulnerability to trigger an out-of-bounds write, affecting the MSMQ kernel mode component, MQAC.SYS. Memory corruption and code execution were possible consequences.

Upon discovering these critical vulnerabilities, FortiGuard Labs promptly informed Microsoft, who responded by releasing security updates in April and July 2023. 

The company urged users to update their systems promptly to safeguard against potential cyber threats.

“We can’t emphasize enough the urgency to apply the latest Microsoft patches to prevent you or your organization from falling victim to a devastating cyber-attack.”

More information about patches released by Microsoft is available in this article about the company’s latest Patch Tuesday roundup, published in the second week of July.

What’s hot on Infosecurity Magazine?