CVE-2023-36910
published 2023-08-08CVE-2023-36910: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.35%
81.5th percentile
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | < 10.0.10240.20107 | 10.0.10240.20107 |
| microsoft | windows_10_1607 | < 10.0.14393.6167 | 10.0.14393.6167 |
| microsoft | windows_10_1809 | < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_10_21h2 | < 10.0.19044.3324 | 10.0.19044.3324 |
| microsoft | windows_10_22h2 | < 10.0.19045.3324 | 10.0.19045.3324 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20107 | 10.0.10240.20107 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6167 | 10.0.14393.6167 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3324 | 10.0.19044.3324 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3324 | 10.0.19045.3324 |
| microsoft | windows_11_21h2 | < 10.0.22000.2295 | 10.0.22000.2295 |
| microsoft | windows_11_22h2 | < 10.0.22621.2134 | 10.0.22621.2134 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2295 | 10.0.22000.2295 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.2134 | 10.0.22621.2134 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26664 | 6.1.7601.26664 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22216 | 6.0.6003.22216 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24414 | 6.2.9200.24414 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21503 | 6.3.9600.21503 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6167 | 10.0.14393.6167 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1906 | 10.0.20348.1906 |
| msrc | windows_10 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring for specially crafted malicious MSMQ packets sent to a MSMQ server on TCP port 1801. ↗
- →Check for the Message Queuing service running and TCP port 1801 listening to identify exposed/vulnerable systems. ↗
- →The vulnerability can be exploited remotely and without privileges; monitor for unauthenticated inbound connections to TCP/1801 from external or unexpected sources. ↗
- ·MSMQ (Windows Message Queuing service) is NOT enabled by default; systems are only vulnerable if the service has been explicitly enabled. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
vendor_msrc·2023-08-08·CVSS 9.8
CVE-2023-36910 [CRITICAL] CWE-190 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.
Windows Message Queuing: Windows Message Queuing
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029247
Reference: https://support.microsoft.com/help/5029247
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5029250
Reference: https://support.mic
GHSA
GHSA-5vgj-hqrc-gx52: Microsoft Message Queuing Remote Code Execution Vulnerability
ghsa_unreviewed·2023-08-08
CVE-2023-36910 [CRITICAL] GHSA-5vgj-hqrc-gx52: Microsoft Message Queuing Remote Code Execution Vulnerability
Microsoft Message Queuing Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Tenable
Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)
blogs_tenable·2023-10-10·CVSS 6.5
[MEDIUM] Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Krebs
Microsoft Patch Tuesday, August 2023 Edition
blogs_krebs·2023-08-09·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday, August 2023 Edition
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild.
Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them to install software on a vulnerable Windows system without any help from users.
Last month, Microsoft acknowledged a series of zero-day vulnerabilities in a variety of Microsoft products that were discovered and exploited in-the-wild attacks. They were assigned a single placeholder designation of CVE-2023-36884 .
Satnam Narang , senior staff research engineer at Tenable, said the August patch batch addresses CVE-2023-36884 , which involves bypassing the Windows
Krebs
Microsoft Patch Tuesday, August 2023 Edition
blogs_krebs·2023-08-09·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday, August 2023 Edition
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild.
Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them to install software on a vulnerable Windows system without any help from users.
Last month, Microsoft acknowledged a series of zero-day vulnerabilities in a variety of Microsoft products that were discovered and exploited in-the-wild attacks. They were assigned a single placeholder designation of CVE-2023-36884.
Satnam Narang, senior staff research engineer at Tenable, said the August patch batch addresses CVE-2023-36884, which involves bypassing the Windows Se
Talos
Six critical vulnerabilities included in August’s Microsoft security update
blogs_talos·2023-08-08·CVSS 8.8
[HIGH] Six critical vulnerabilities included in August’s Microsoft security update
Microsoft disclosed 73 vulnerabilities across its suite of products and software Tuesday, including six that are considered “critical.”
One of the vulnerabilities, which Microsoft considers to be only of "moderate" severity, has been actively exploited in the wild. The company has had to address many zero-day vulnerabilities in its monthly security updates this year, including four last month and one in May. Microsoft also released an advisory detailing changes to its defense-in-depth model to defend against tactics adversaries are currently using in the wild.
Outside of the six critical issues, two are considered to be of “moderate” severity, while the remainder are listed as “important.”
Two of the critical vulnerabilities lie in Microsoft Teams, the company’s popular collaboration an
Talos
Six critical vulnerabilities included in August’s Microsoft security update
blogs_talos·2023-08-08·CVSS 8.8
[HIGH] Six critical vulnerabilities included in August’s Microsoft security update
## Six critical vulnerabilities included in August’s Microsoft security update
Microsoft disclosed 73 vulnerabilities across its suite of products and software Tuesday, including six that are considered “critical.”
One of the vulnerabilities, which Microsoft considers to be only of "moderate" severity, has been actively exploited in the wild. The company has had to address many zero-day vulnerabilities in its monthly security updates this year, including four last month and one in May . Microsoft also released an advisory detailing changes to its defense-in-depth model to defend against tactics adversaries are currently using in the wild.
Outside of the six critical issues, two are considered to be of “moderate” severity, while the remainder are listed as “important.”
Two of the critic
Qualys
Microsoft and Adobe Patch Tuesday, August 2023 Security Update Review
blogs_qualys·2023-08-08
Microsoft and Adobe Patch Tuesday, August 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for August 2023
Adobe Patches for August 2023
Zero-day Vulnerabilities Patched in August Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in August Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
Qualys Monthly Webinar Series
Microsoft has released its August edition of Patch Tuesday. This month’s updates have addressed 89 security vulnerabilities in multiple products, features, and roles.
## Microsof
Tenable
Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)
blogs_tenable·2023-08-08·CVSS 7.5
[HIGH] Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
Microsoft Patch Tuesday & Adobe August 2023 Security Fixes | Qualys
blogs_qualys·2023-08-08
Microsoft Patch Tuesday & Adobe August 2023 Security Fixes | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for August 2023
- Adobe Patches for August 2023
- Zero-day Vulnerabilities Patched in August Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in August Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
- Qualys Monthly Webinar Series
Microsoft has released its August edition of Patch Tuesday. This month’s updates have addressed 89 security vulnerabilities in multiple products, features, and roles
Crowdstrike
August 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2023 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
2023-08-08
Published