PT-2026-40614

Date: May 13, 2026 Status: ACTIVE GLOBAL EXPLOITATION / CORE INFRASTRUCTURE SHATTER Target: Microsoft Message Queuing MSMQ, all versions through Windows Server 2025 Severity: 9.8 MAXIMUM CRITICAL Unauthenticated Remote Code Execution 1. Analysis: Why "Queue-Shatter" is Today's Apex Threat While t...

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2023-21554, a vulnerability in MSMQ. The tar...

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2023-21554, a vulnerability in MSMQ. The tar...

Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly round of security updates and patches today, continuing its trend of fixing zero-day vulnerabilities on Patch Tuesday. Aprils security update includes one vulnerability thats actively being exploited in the wild. There are also eight critical vulnerabilities and the...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

CVE-2021-25274

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ Microsoft Message Queue and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...

CVE-2021-25274

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ Microsoft Message Queue and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...

Design/Logic Flaw

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ Microsoft Message Queue and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...

CVE-2021-25274

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ Microsoft Message Queue and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...

SolarWinds Orion Platform Unauthenticated RCE (CVE-2021-25274)

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ Microsoft Message Queue and doesn’t set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...