CVE-2023-21554
9.892.16%
QueueJumper: Jumping the Line Straight to SYSTEM (CVE-2023-21554)
Alon Barad
Software EngineerJan 27, 2026·6 min read·9 visits
PoC Available
Executive Summary (TL;DR)
If you have the 'Microsoft Message Queuing' service enabled (check port 1801), you are vulnerable to a pre-auth RCE. By sending a crafted packet with a manipulated section header, an attacker can trick the service into writing data outside of its allocated buffer, leading to immediate code execution as the Network Service account. Patch or disable the service immediately.
A critical Remote Code Execution vulnerability in the legacy Microsoft Message Queuing (MSMQ) service allows unauthenticated attackers to execute arbitrary code by sending malformed packets to TCP port 1801.
Official Patches
Technical Appendix
CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEPSS Probability
92.16%
Top 0% most exploited
360,000
Estimated exposed hosts via Shodan
Affected Systems
Windows 10 (Version 1507 to 22H2)Windows 11 (Version 21H2, 22H2)Windows Server 2008 R2Windows Server 2012 / 2012 R2Windows Server 2016Windows Server 2019Windows Server 2022
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
Windows 10 Microsoft | 1507 - 22H2 | April 2023 Patch |
Windows Server Microsoft | 2008 - 2022 | April 2023 Patch |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-20 |
| Attack Vector | Network (TCP 1801) |
| CVSS Score | 9.8 (Critical) |
| EPSS Score | 0.92162 |
| Impact | Remote Code Execution (System/Network Service) |
| Exploit Status | PoC Available |
| KEV Status | Not Listed |
MITRE ATT&CK Mapping
CWE-20
Improper Input Validation
Improper Input Validation
Known Exploits & Detection
Vulnerability Timeline
Vulnerability Published by Microsoft
2023-04-11
Check Point Research publishes 'QueueJumper' details
2023-04-11
Public PoCs surface on GitHub
2023-05-01
Metasploit module released
2023-09-01
Subscribe to updates
Get the latest CVE analysis reports delivered to your inbox.