Rule Document 1:65241

Report a false positive

Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)

Alert Message

OS-WINDOWS Microsoft Windows MSMQ denial of service attempt

Rule Explanation

This rule looks for bytes in MSMQ traffic that abuse a use after free vulnerability in MSMQ servers.

What To Look For

This rule alerts on attempts to exploit a use after free vulnerability in Microsoft Message Queuing (MSMQ).

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Server::Other

MITRE::ATT&CK Framework::Enterprise::Impact::Endpoint Denial of Service::Application or System Exploitation

Vulnerability::Severity::Critical

Vulnerability::Severity::High

CVE

CVE-2025-50177

Additional Links

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50177

Rule Vulnerability

Use After Free

Use After Free (UAF) attacks target computer memory flaws to corrupt the memory execute code. The name refers to attempts to use memory after it has been freed, which can cause a program to crash under normal circumstances, or result in remote code execution in a successful attack.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2025-50177
 Loading description