🐾 - 🚨 Microsoft MSMQ server reply - Legacy Windows 🪟 Service enabled - Windows Client OS

SID: 3300157
Rev: 3
Source: pawpatrules
Created: April 18, 2023
Updated: April 19, 2023
Classification: policy-violation
alert tcp any 1801 -> any any (msg:"🐾 - 🚨 Microsoft MSMQ server reply - Legacy Windows 🪟 Service enabled - Windows Client OS"; flow:to_client, stateless; content:"|10 5a 0b 00 4c 49 4f 52 3c 02 00 00 ff ff ff ff 00 00|"; content:"|10|"; distance:38; content:"|01|"; distance:0; content:"|00 00 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a|"; fast_pattern; distance:0; reference:url,https://learn.microsoft.com/en-us/previous-versions/windows/desktop/msmq/ms703216(v=vs.85); reference:url,https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/; reference:url,https://gist.github.com/goncalor/a01ba66927c0dc704000d7bf1327d36e; reference:url,https://censys.io/cve-2023-21554/; metadata:created_at 2023_04_18, updated_at 2023_04_19; sid:3300157; rev:3; classtype:policy-violation;)

Metadata

created at: 2023_04_18
updated at: 2023_04_19
