Critical RCE Vulnerabilities Expose Unpatched Servers and MSMQ QueueJumper: Analysis

Source: BleepingComputer
TL;DR Summary

PaperCut has fixed a critical security vulnerability (CVE-2023-39143) in its NG/MF print management software that allows unauthenticated attackers to execute code remotely on unpatched Windows servers. The flaw stems from two path traversal weaknesses, enabling threat actors to manipulate files on compromised systems. While the vulnerability only affects non-default server configurations, it is estimated that most PaperCut installations have the affected setting enabled. Admins are advised to install security updates promptly or restrict access through IP allowlisting. Previously, PaperCut servers were targeted by ransomware gangs exploiting other vulnerabilities, leading to data theft and attacks by state-backed hacking groups.
