Critical Vulnerabilities in Microsoft Message Queuing Service (MSMQ)

Three vulnerabilities were discovered in the Microsoft Message Queuing (MSMQ) service, a messaging protocol that facilitates secure communication between applications on separate computers. FortiGuard Labs, Fortinet's cybersecurity research arm, disclosed these flaws in a recent advisory.

CVE-2023-28302 (CVSS Score 9.8) - This vulnerability arises from inadequate validation in the message header parser routine. This flaw could be exploited by attackers to trigger an out-of-bounds read, potentially leading to denial-of-service attacks by accessing invalid memory addresses. While Fortinet clarified that an information disclosure exploit appears unlikely, a denial-of-service attack could still be achieved if the out-of-bound read accesses an invalid address.

CVE-2023-21554 (CVSS Score 9.8) - This vulnerability stems from insufficient validation of message headers with arbitrary sizes. Due to this oversight, a pointer can be manipulated to point to an arbitrary location, specifically an invalid address, which may result in memory corruption when the pointer is dereferenced later in the code.

The third vulnerability is caused by a malformed data structure in the CompoundMessage header. Attackers exploit this flaw to initiate an out-of-bounds write, affecting the MSMQ kernel mode component, MQAC.SYS. This could lead to memory corruption and potential code execution.

Upon discovering these critical vulnerabilities, FortiGuard Labs promptly alerted Microsoft. Subsequently, Microsoft responded by releasing security updates in April and July 2023 to address these issues. Users are strongly advised to promptly update their systems with these patches to safeguard against potential cyber threats.