Background
Microsoft Message Queuing (MSMQ) is a Windows component for building high-throughput asynchronous and synchronous messaging. It is an optional component and is not installed by default, but once the Windows Message Queuing service is enabled it listens on TCP port 1801. An attacker who can reach that port can send a specially crafted MSMQ packet to an affected MSMQ server and achieve remote code execution without authentication (Microsoft rates the issue Critical, CVSS 3.1 base score 9.8). For the severity assessment see the following two references:
Alibaba Cloud vulnerability database
Microsoft official advisory
Exploit status
At the time of writing, no in-the-wild exploitation and no public EXP/PoC had been observed.
Remediation advice
- MSMQ is a separate module under Control Panel > Programs > Turn Windows features on or off. If the host does not need it, turn the feature off; that removes the vulnerable service entirely. Steps:
  a) Open Control Panel and set "View by" (top right) to Category
  b) Click Programs, then "Turn Windows features on or off"
  c) Clear the checkbox for Microsoft Message Queue (MSMQ) Server
- If the MSMQ service is required, filter traffic to TCP port 1801 so that only the hosts that actually need to talk to MSMQ can reach it.
- Microsoft ships security updates on a fixed monthly cadence. CVE-2023-21554 was disclosed in April 2023 and fixed in the April 2023 security update, so keeping systems current on monthly patches also remediates this vulnerability. Reference: https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr
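The three remediation options above, collected into one audit-and-remediate script. This is an added example, not code from the original advisory and not Microsoft tooling. It assumes an elevated PowerShell session on the affected host; the `$AllowedMsmqPeers` list is a hypothetical placeholder for the machines that legitimately need MSMQ, and the "updates since April 2023" check is a heuristic (the exact KB differs per Windows build, so confirm it against the MSRC release note linked above).

```powershell
# Added example (not part of the original advisory). Run elevated.
# Audits MSMQ exposure for CVE-2023-21554 and applies one of the advisory's two fixes.
$AllowedMsmqPeers = @('10.0.5.10', '10.0.5.11')   # assumption: the hosts that must reach MSMQ

function Get-MsmqExposure {
    # 1. Is the MSMQ feature installed? Server SKUs expose Get-WindowsFeature,
    #    client SKUs use Get-WindowsOptionalFeature (DISM feature name MSMQ-Server).
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $installed = (Get-WindowsFeature -Name MSMQ-Server).Installed
    } else {
        $installed = (Get-WindowsOptionalFeature -Online -FeatureName MSMQ-Server).State -eq 'Enabled'
    }
    # 2. Is the Message Queuing service present and running?
    $svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    # 3. Is anything listening on TCP 1801, the port the crafted packet targets?
    $listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
    # 4. Heuristic patch check: updates installed on/after the April 2023 Patch Tuesday.
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -ge [datetime]'2023-04-11' }

    [pscustomobject]@{
        FeatureInstalled    = [bool]$installed
        ServiceStatus       = if ($svc) { $svc.Status.ToString() } else { 'NotPresent' }
        ListeningOn1801     = [bool]$listener
        UpdatesSinceApr2023 = @($recent.HotFixID)
    }
}

function Invoke-MsmqRemediation {
    param([switch]$RemoveFeature)

    if ($RemoveFeature) {
        # Option A from the advisory: MSMQ is not needed, so remove the component.
        # Same effect as clearing "Microsoft Message Queue (MSMQ) Server" in Control Panel.
        if (Get-Command Uninstall-WindowsFeature -ErrorAction SilentlyContinue) {
            Uninstall-WindowsFeature -Name MSMQ-Server
        } else {
            Disable-WindowsOptionalFeature -Online -FeatureName MSMQ-Server -NoRestart
        }
        return
    }

    # Option B from the advisory: MSMQ is needed, so restrict TCP 1801 to the allowed peers.
    # First disable every enabled inbound rule that currently opens 1801 to any source
    # (MSMQ setup adds such rules), otherwise they would keep the port world-reachable.
    Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq 1801 } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        Disable-NetFirewallRule

    # Then add a single allow rule scoped to the peers. With the profile's default inbound
    # action at Block (the Windows default), every other source is dropped.
    New-NetFirewallRule -DisplayName 'MSMQ TCP 1801 - allowed peers only' `
        -Direction Inbound -Protocol TCP -LocalPort 1801 `
        -RemoteAddress $AllowedMsmqPeers -Action Allow -Profile Any | Out-Null

    # Sanity check: warn if any profile would still accept unsolicited inbound traffic.
    Get-NetFirewallProfile |
        Where-Object { $_.DefaultInboundAction -ne 'Block' } |
        ForEach-Object { Write-Warning "Profile $($_.Name) default inbound action is $($_.DefaultInboundAction); the scoped rule does not restrict anything there." }
}

# Usage:
Get-MsmqExposure | Format-List
# Invoke-MsmqRemediation -RemoveFeature     # MSMQ not needed
# Invoke-MsmqRemediation                    # MSMQ needed: filter 1801 instead
```

Run `Get-MsmqExposure` first: a host where `FeatureInstalled` is false and nothing listens on 1801 is not exposed regardless of patch state, and a host where `ServiceStatus` is `Running` but `UpdatesSinceApr2023` is empty is the one to prioritise. Removing the feature with `Disable-WindowsOptionalFeature` may still require a reboot before the service is gone, so re-run the audit afterwards. Windows Firewall evaluates explicit block rules before allow rules, which is why the script disables the broad MSMQ rules and relies on the profile's default Block action rather than adding a block rule that would also drop the allowed peers.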
Affected scope
The following operating systems are affected; use this list to scope the inventory check:
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Originally published on the WeChat official account Aaron与安全的那些事: [Vulnerability Advisory] Remediation advice for the Microsoft Message Queuing remote code execution vulnerability