CVE-2023-38254

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 8, 2023
Updated: Jan 1, 2025
CWE ID 20

Summary

CVE-2023-38254 is a newly disclosed vulnerability affecting Microsoft Message Queuing (MSMQ) services. This denial-of-service (DoS) issue allows an attacker to send specially crafted messages to a targeted MSMQ queue, resulting in a service crash and subsequent unavailability of the MSMQ server for legitimate users. The vulnerability can be exploited remotely, potentially causing significant disruption to organizations relying on MSMQ for message-based communications. Microsoft has released a patch to address this issue and strongly advises users to apply it as soon as possible to mitigate potential risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2016
  • Windows Server 2022
  • Microsoft Windows Server 2019

Affected Vendors

  • Microsoft