LAST UPDATED: 2023-04-13
This report identifies accessible Microsoft Message Queuing (MSMQ) servers on port 1801/TCP. This service may be optionally enabled on Windows operating systems, including Windows Server 2022 and Windows 11.
According to Microsoft, Microsoft Message Queuing is a message infrastructure and a development platform for creating distributed, loosely-coupled messaging applications for the Microsoft® Windows® operating system. Message Queuing applications can use the Message Queuing infrastructure to communicate across heterogeneous networks and with computers that may be offline. Message Queuing provides guaranteed message delivery, efficient routing, security, transaction support, and priority-based messaging.
On April 11th 2023, Checkpoint published information about multiple vulnerabilities in the service on Windows which they named QUEUEJUMPER: CRITICAL UNAUTHENTICATED RCE VULNERABILITY IN MSMQ SERVICE.
This includes CVE-2023-21554 (QueueJumper), an unauthenticated remote code execution vulnerability.
These vulnerabilities were patched by Microsoft on the 11th April 2023.
For more details on the background of QueueJumper please read the Checkpoint publication.
How we scan
Please note we do not test for the actual vulnerabilities mentioned, we simply check for the exposure of the MSMQ service.
We scan by sending a request to establish an MSMQ connection.
We do not perform any intrusive checks on a discovered service.
As of 2023-04-12, we identify 403K accessible MSMQ services.
You can track accessible MSMQ servers on our Dashboard here.
There is no good reason to expose the MSMQ service to the public Internet. If you receive a report from us with an accessible MSMQ service, make sure to block 1801/tcp on your network perimeter immediately (or to trusted sources, if there is a valid business case) and patch.
For more information on our scanning efforts, check out our Internet scanning summary page.
This report has an IPv4 and IPv6 version.
Filename: population_msmq, population6_msmq