October 3, 2023

Researchers from Fortinet have discovered three vulnerabilities within the Microsoft Message Queuing (MSMQ) service – a proprietary messaging protocol designed to enable secure communication between applications running on separate computers.

The first vulnerability results from a lack of proper validation in the message header parser routine. Attackers could exploit this flaw to trigger an out-of-bounds read, potentially causing a denial of service by accessing invalid memory addresses.

The second vulnerability results from inadequate validation of message headers with arbitrary sizes. Because some message headers are not validated, the pointer can be adjusted to point to an arbitrary location (an invalid address in this context), potentially causing memory corruption when the pointer to the message header is dereferenced later in the code.
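The bug class described in the first two vulnerabilities, shown from the defensive side as an added example (not code from Fortinet, Microsoft or MSMQ): a header walker that validates every size field before advancing its cursor. The three-byte header layout, the function name `walk_headers` and the sample buffers are assumptions constructed for illustration and do not reflect the MSMQ wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy layout assumed for illustration (NOT the MSMQ wire format):
 * each header = 1-byte type, 2-byte little-endian total size, payload. */
#define HDR_MIN 3u

/* Walks a chain of headers. Returns the number of headers, or -1 if any
 * size field would move the cursor outside [buf, buf + len). */
int walk_headers(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        size_t remaining = len - off;
        if (remaining < HDR_MIN)
            return -1;          /* truncated: the size field itself is missing */

        size_t hdr_size = (size_t)buf[off + 1] | ((size_t)buf[off + 2] << 8);
        if (hdr_size < HDR_MIN)
            return -1;          /* too small: cursor would stall or overlap */
        if (hdr_size > remaining)
            return -1;          /* too large: next header pointer leaves the buffer */

        off += hdr_size;        /* safe: off <= len after the checks above */
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t good[]   = { 0x01, 0x05, 0x00, 0xAA, 0xBB, 0x02, 0x03, 0x00 };
static const uint8_t oversz[] = { 0x01, 0xFF, 0xFF, 0xAA, 0xBB };
static const uint8_t zero[]   = { 0x01, 0x00, 0x00, 0xAA };
static const uint8_t trunc[]  = { 0x01, 0x05, 0x00, 0xAA, 0xBB, 0x02 };

int main(void)
{
    printf("good:      %d\n", walk_headers(good, sizeof good));
    printf("oversized: %d\n", walk_headers(oversz, sizeof oversz));
    printf("zero-size: %d\n", walk_headers(zero, sizeof zero));
    printf("truncated: %d\n", walk_headers(trunc, sizeof trunc));
    return 0;
}
```

Without the two size checks, the oversized sample would advance the cursor far past the end of the buffer, which is the condition the article describes as a pointer adjusted to an invalid address and later dereferenced.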

The third vulnerability resulted from a malformed data structure in the Compound Message header. Attackers leveraged this vulnerability to trigger an out-of-bounds write, affecting the MSMQ kernel mode component, MQAC.SYS. Memory corruption and code execution were possible consequences.

Upon discovering these critical vulnerabilities, FortiGuard Labs promptly informed Microsoft, which responded by releasing security updates in April and July 2023.

Fortinet urged users to update their systems promptly to safeguard against potential cyber threats. Fortinet IPS customers are protected with the following signatures, which were previously released for these vulnerabilities:

  • MS.Windows.MSMQ.CVE-2023-21554.Remote.Code.Execution
  • MS.Windows.Message.Queuing.Service.CVE-2023-28302.DoS
  • MS.Windows.Message.Queuing.Service.CVE-2023-21769.DoS
  • MS.Windows.MSMQ.CompoundMessage.Remote.Code.Execution
