Mitigating Microsoft's vulnerability CVE-2023-36910
Microsoft disclosed the critical vulnerability CVE-2023-36910, rated CVSS 9.8. This Microsoft Message Queuing vulnerability can be exploited without privileges to remotely execute code on vulnerable Windows 10, 11, and Server 2008-2022 systems.
In the ever-evolving landscape of cybersecurity threats, staying ahead of vulnerabilities is crucial. One such vulnerability that has recently emerged is CVE-2023-36910, rated CVSS 9.8 (critical). In this blog post, we'll dive into what CVE-2023-36910 is, its potential impact, and most importantly, how to mitigate its risks to ensure your systems remain secure.
CVE-2023-36910 is a security vulnerability that affects the Microsoft Message Queuing Service (MSMQ) listening on port 1801 and running on vulnerable Windows 10, 11, and Server 2008-2022 systems. This vulnerability allows malicious actors to remotely execute code on vulnerable systems without the privileges normally required to do so. A malicious actor would need to identify a vulnerable system and then craft and transmit a specially designed MSMQ packet containing malicious code to it. If successful, this could lead to the execution of unauthorized code on the server. That in turn can lead to data loss and reputation loss, and may even result in the installation of a backdoor that allows the attacker to maintain access after the initial vulnerability is patched.
Mitigation Steps:
To verify whether a system is vulnerable, first check whether a service named Message Queuing is running and TCP port 1801 is listening on the machine. If this is not the case, your system is not vulnerable. If the service is running, you will need to determine whether it is being used (not common in today's environments). If it is not being used, disable the service. As an extra safety measure, implement an inbound firewall rule that blocks traffic on TCP port 1801. This will prevent the vulnerability from being exploited if the service is activated at some point in the future.
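The checks and mitigation above as a PowerShell script; this is an added example, not part of the original post. It assumes the service name `MSMQ`, an elevated session, and Windows 8 / Server 2012 or later (for `Get-NetTCPConnection` and the firewall cmdlets); the `-Remediate` switch and the rule name are hypothetical names chosen for this example.

```powershell
# Added example: audit MSMQ exposure on the local host, optionally remediate.
# Assumptions: service name 'MSMQ', elevated session, Windows 8 / Server 2012+.
[CmdletBinding()]
param(
    # Hypothetical switch: pass only after confirming MSMQ is not in use.
    [switch]$Remediate
)

$port     = 1801
$ruleName = 'Block inbound MSMQ TCP 1801'   # constructed display name

# Step 1: is the Message Queuing service present and running?
$svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

# Step 2: is anything listening on TCP 1801?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port `
                   -ErrorAction SilentlyContinue)

# Per the check above: exposed only if the service runs AND the port listens.
$running = [bool]($svc -and $svc.Status -eq 'Running')
$exposed = $running -and ($listeners.Count -gt 0)

[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    MsmqStatus    = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
    StartType     = if ($svc) { "$($svc.StartType)" } else { $null }
    PortListening = $listeners.Count -gt 0
    ListenAddress = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
    Exposed       = $exposed
}

if ($Remediate) {
    if ($svc) {
        # Stop the service (and dependents) and keep it from starting again.
        Stop-Service -Name 'MSMQ' -Force
        Set-Service  -Name 'MSMQ' -StartupType Disabled
    }
    # Add the block rule once, even when MSMQ is not installed, so the port
    # stays closed if the service is enabled later.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName `
                  -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort $port -Action Block | Out-Null
    }
}
```

Run it without arguments to get the report only; the service is left untouched until `-Remediate` is supplied.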
Do you need assistance identifying or remediating this or any other vulnerability? We can help make and keep your systems and network secure. We provide a variety of tools and services to ensure your endpoints and network are always patched, configured and secured. Contact us for a free evaluation. We can be reached at assistance@matrxtech.com or 404-939-7260.
The Matrx Tech Team