Check Point Research recently discovered three vulnerabilities in the ‘Microsoft Message Queuing’ service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Tuesday update.
The most severe of these, dubbed QueueJumper by CPR (CVE-2023-21554), is a critical vulnerability that could allow unauthorised attackers to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.