CVE-2023-38254
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-38254 is a newly disclosed vulnerability affecting Microsoft Message Queuing (MSMQ) services. This denial-of-service (DoS) issue allows an attacker to send specially crafted messages to a targeted MSMQ queue, resulting in a service crash and subsequent unavailability of the MSMQ server for legitimate users. The vulnerability can be exploited remotely, potentially causing significant disruption to organizations relying on MSMQ for message-based communications. Microsoft has released a patch to address this issue and strongly advises users to apply it as soon as possible to mitigate potential risks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows Server 2008
- Microsoft Windows Server 2012
- Microsoft Windows Server 2016
- Windows Server 2022
- Microsoft Windows Server 2019
Affected Vendors
- Microsoft