diff --git a/rules/windows/builtin/application/msmq/win_msmq_corrupted_packet.yml b/rules/windows/builtin/application/msmq/win_msmq_corrupted_packet.yml
new file mode 100644
index 000000000..d5d0cd051
--- /dev/null
+++ b/rules/windows/builtin/application/msmq/win_msmq_corrupted_packet.yml
@@ -0,0 +1,22 @@
+title: MSMQ Corrupted Packet Encountered
+id: ae94b10d-fee9-4767-82bb-439b309d5a27
+status: experimental
+description: Detects corrupted packets sent to the MSMQ service. Could potentially be a sign of CVE-2023-21554 exploitation
+references:
+    - https://www.randori.com/blog/vulnerability-analysis-queuejumper-cve-2023-21554/
+author: Nasreddine Bencherchali (Nextron Systems)
+date: 2023/04/21
+tags:
+    - attack.execution
+logsource:
+    product: windows
+    service: application
+detection:
+    selection:
+        Provider_Name: 'MSMQ'
+        EventID: 2027
+        Level: 2
+    condition: selection
+falsepositives:
+    - Unknown
+level: high
diff --git a/rules/windows/builtin/system/service_control_manager/win_system_service_terminated_unexpectedly.yml b/rules/windows/builtin/system/service_control_manager/win_system_service_terminated_unexpectedly.yml
new file mode 100644
index 000000000..ecf75354e
--- /dev/null
+++ b/rules/windows/builtin/system/service_control_manager/win_system_service_terminated_unexpectedly.yml
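Review bot: The only tag is the tactic `attack.execution`, while the description ties the event to CVE-2023-21554, a bug in a network-reachable service; if that link is the intent, `attack.initial_access` together with the technique tag `attack.t1190` (exploitation of an exposed application) describes the activity better, and in any case the rule currently carries no technique-level tag. The description should also make clear that event 2027 is a generic parser error for any malformed packet MSMQ receives, not an exploit-specific signal, e.g. `description: Detects corrupted packets received by the MSMQ service (Event ID 2027). Not exploit-specific, but could be a sign of a CVE-2023-21554 exploitation attempt, especially when followed by an unexpected termination of the Message Queuing service`. Given that, `falsepositives: - Unknown` combined with `level: high` is hard to justify for an experimental rule; either lower the level or document the expected noise (e.g. faulty MSMQ clients on busy hosts) and recommend correlating with the companion 7034 rule added in this commit.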
@@ -0,0 +1,28 @@
+title: Important Windows Service Terminated Unexpectedly
+id: 56abae0c-6212-4b97-adc0-0b559bb950c3
+status: experimental
+description: Detects important or interesting windows services that got terminated unexpectedly.
+references:
+    - https://www.randori.com/blog/vulnerability-analysis-queuejumper-cve-2023-21554/
+author: Nasreddine Bencherchali (Nextron Systems)
+date: 2023/04/14
+tags:
+    - attack.defense_evasion
+logsource:
+    product: windows
+    service: system
+detection:
+    selection_eid:
+        Provider_Name: 'Service Control Manager'
+        EventID: 7034 # The X service terminated unexpectedly. It has done this Y time(s).
+    selection_name:
+        # Note that these names contained in "param1" are "Display Names" and are language specific. If you're using a non-english system these can and will be different
+        - param1|contains: 'Message Queuing'
+        # Use this If you collect the binary value provided from this event, which is the wide hex encoded value of the service name.
+        - Binary|contains:
+            - '4d0053004d005100' # MSMQ (Microsoft Message Queuing). Encoded in upper case just in case
+            - '6d0073006d007100' # msmq
+    condition: all of selection_*
+falsepositives:
+    - Rare false positives could occur since service termination could happen due to multiple reasons
+level: high
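Review bot: `param1|contains: 'Message Queuing'` is broader than the `Binary` branch next to it: the display name of the separate "Message Queuing Triggers" service also contains that substring, so a crash of the triggers service will match through `param1` while the hex branch only covers the `MSMQ` service name. If only the core service is meant, an exact match (`- param1: 'Message Queuing'`) keeps the two branches consistent; otherwise add the triggers service's name to the `Binary` list and say in a comment that both are in scope. The `attack.defense_evasion` tag is hard to reconcile with the rule's purpose as the reference presents it — a service crashing after a failed exploitation attempt — so if that is the intended use the description could say so (e.g. append `This can occur after a failed exploitation attempt against the service, such as CVE-2023-21554 for Message Queuing.`) and the tag be reconsidered; the `# The X service terminated unexpectedly...` comment on `EventID: 7034` is a good pattern and could be mirrored with a short comment on `selection_name` stating that the list is meant to grow as further services are added. The generic `falsepositives` entry could usefully name the known benign cause for this event, crashes during service updates or on shutdown, so analysts know what to exclude.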