March 1, 2024 at 08:57AM
The US cybersecurity agency CISA added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of active exploitation. The flaw, tracked as CVE-2023-29360, could allow attackers to gain System privileges. CISA urges organizations to apply patches, and federal agencies have until March 21 to patch vulnerable assets.
Key takeaways:
– CISA has added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, citing active exploitation in the wild.
– The flaw, tracked as CVE-2023-29360 with a CVSS score of 8.4, was patched in June 2023 for various Windows versions.
– Attackers could gain System privileges on a vulnerable machine through the untrusted pointer dereference vulnerability in Microsoft Streaming Service.
– Although proof-of-concept code is available, there have been no widespread reports of exploitation.
– US federal agencies have until March 21 to identify and patch vulnerable assets affected by CVE-2023-29360, as required by Binding Operational Directive (BOD) 22-01.
– CISA urges all organizations to apply available patches and emphasizes the significant risk of compromise posed by the security defect.