The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized a critical vulnerability in the Microsoft Streaming Service, marking it for immediate action by federal entities. The flaw, identified as CVE-2023-29360, has been exploited in the wild, prompting CISA to include it in its Known Exploited Vulnerabilities (KEV) catalog. This inclusion mandates federal agencies to apply necessary patches or mitigations by March 21, 2024, to safeguard their networks against potential attacks.
Technical Analysis of the Vulnerability
CVE-2023-29360, with a CVSS score of 8.4, is an untrusted pointer dereference vulnerability in the Microsoft Streaming Service, specifically in the MSKSSRV.SYS driver. The issue was first discovered by Thomas Imbert of Synacktiv, working with the Trend Micro Zero Day Initiative. Attackers exploiting this flaw gain SYSTEM privileges, granting them unfettered access to compromised systems. The public disclosure of proof-of-concept (PoC) code has further facilitated exploitation of this vulnerability, making it imperative for organizations to apply mitigations swiftly.
Security researchers have observed this exploit being used by malware, including the Raspberry Robin worm, as early as August, following the public release of the exploit code in June. This indicates relatively quick adoption by cybercriminals, who leveraged the vulnerability in their attack campaigns.
Implications and Recommendations
The directive from CISA underscores the seriousness with which this vulnerability is viewed by security authorities. While federal agencies are required to comply with the remediation timeline, CISA also strongly advises private sector organizations to review the KEV catalog and address this vulnerability within their own infrastructures.
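Reviewing the KEV catalog, as CISA advises above, is easiest to do against its JSON feed. The following is an added example (not code from CISA or from this article) that parses a constructed sample in the feed's shape and reports which entries, such as CVE-2023-29360 with its March 21, 2024 due date, are overdue or due within a given window; the field names follow the real feed, while the second entry and the dateAdded values are placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Only the cveID,
# product and dueDate of the first entry come from the article; everything
# else (dates added, descriptions, the second entry) is a placeholder.
SAMPLE_KEV = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {
      "cveID": "CVE-2023-29360",
      "vendorProject": "Microsoft",
      "product": "Streaming Service",
      "vulnerabilityName": "Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability",
      "dateAdded": "2024-02-29",
      "shortDescription": "Placeholder description.",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2024-03-21"
    },
    {
      "cveID": "CVE-0000-00000",
      "vendorProject": "ExampleVendor",
      "product": "ExampleProduct",
      "vulnerabilityName": "Placeholder entry",
      "dateAdded": "2024-01-01",
      "shortDescription": "Placeholder description.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2024-04-30"
    }
  ]
}
"""


def load_kev(text: str) -> list:
    """Parse a KEV feed document and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def lookup(entries: list, cve_id: str) -> dict:
    """Find one entry by CVE id (case-insensitive); None if the feed lacks it."""
    return next((e for e in entries if e["cveID"].upper() == cve_id.upper()), None)


def days_until_due(entry: dict, today: date) -> int:
    """Days left before the KEV remediation due date; negative means overdue."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def due_within(entries: list, today: date, days: int) -> list:
    """cveIDs already overdue or due within `days` days, earliest due date first."""
    hits = [e for e in entries if days_until_due(e, today) <= days]
    return [e["cveID"] for e in sorted(hits, key=lambda e: e["dueDate"])]
```

Against the live catalog, replace SAMPLE_KEV with the contents of https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and run due_within with today's date.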
The recognition of CVE-2023-29360 in the KEV catalog is a critical step towards mitigating a potentially widespread threat. It aligns with CISA's ongoing efforts to reduce the significant risk posed by known exploited vulnerabilities through proactive identification and remediation. Agencies and organizations are urged to prioritize this patching directive to protect against unauthorized system access and potential data breaches.