March 1, 2024 at 02:22PM
CISA has directed U.S. agencies to secure Windows systems against a critical vulnerability in Microsoft Streaming Service actively exploited in attacks. Tracked as CVE-2023-29360, the flaw allows local attackers to gain SYSTEM privileges without user interaction. Federal agencies must patch systems by March 21, as the bug has been exploited in malware attacks since August.
From the meeting notes, the key takeaways are:
1. CISA has directed U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that’s actively exploited in attacks.
2. The security flaw (CVE-2023-29360) allows local attackers to gain SYSTEM privileges in low-complexity attacks without user interaction.
3. Synactiv’s Thomas Imbert discovered CVE-2023-29360 and reported it to Microsoft through Trend Micro’s Zero Day Initiative. Microsoft patched the bug in June 2023, with proof-of-concept exploit code appearing on GitHub in September 2023.
4. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and federal agencies must patch their Windows systems against it by March 21 as per a binding operational directive.
5. Raspberry Robin malware has been exploiting CVE-2023-29360 since August 2023, with the malware having worm capabilities and being linked to multiple cybercriminal groups.
6. Organizations worldwide, including private entities, are advised to prioritize patching this vulnerability to prevent ongoing attacks.
This summary provides an overview of the main points discussed in the meeting notes.