Fortinet published a report with details on three vulnerabilities impacting the Microsoft Message Queuing (MSMQ) service. Microsoft released patches for the critical and high-severity flaws this month, and the company has advised customers to update their systems immediately.
CVE-2023-21554 is the most severe flaw, with a CVSS score of 9.8. It is caused by the message header parser failing to validate arbitrary header sizes and lengths, and it can be exploited to cause memory corruption. CVE-2023-28302 is the second-most severe vulnerability, with a CVSS score of 7.5. This bug is also an out-of-bounds flaw, and it occurs when the data structure for the header is not validated. The third flaw has no CVE identifier or CVSS rating; it occurs when data is dereferenced without sanity checks in specific functions. All of these vulnerabilities can be exploited in a denial-of-service attack on unpatched systems.