HomeWinBuzzer NewsCISA Elevates Microsoft Streaming Service Vulnerability to KEV Catalog

CISA Elevates Microsoft Streaming Service Vulnerability to KEV Catalog

CISA urgently warns of a critical Microsoft vulnerability (CVE-2023-29360) exploited in attacks.

-

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized a critical vulnerability in the Streaming Service, marking it for immediate action by federal entities. The flaw, identified as CVE-2023-29360, has been exploited in the wild, prompting CISA to include it in its Known Exploited Vulnerabilities (KEV) catalog. This inclusion mandates federal agencies to apply necessary patches or mitigations by March 21, 2024, to safeguard their networks against potential attacks.

Technical Analysis of the Vulnerability

CVE-2023-29360, with a CVSS Score of 8.4, is an untrusted pointer dereference vulnerability within the Microsoft Streaming Service, specifically targeting the MSKSSRV.SYS driver. The issue was first discovered by Thomas Imbert of Synacktiv, under the auspices of the Trend Micro Zero Day Initiative. Attackers exploiting this flaw gain SYSTEM privileges, granting them unfettered access to compromised systems. The disclosure of proof-of-concept (PoC) codes has further facilitated the exploitation of this vulnerability, making it imperative for organizations to apply mitigations swiftly.

Security researchers have traced the utilization of this exploit in malware distributions, including the Raspberry Robin worm as early as August, following the public release of the exploit code in June. This indicates a relatively quick adoption by cybercriminals, leveraging the vulnerability in their attack campaigns.

Implications and Recommendations

The directive from CISA underscores the seriousness with which this vulnerability is viewed by security authorities. While federal agencies are required to comply with the remediation timeline, CISA also strongly advises private sector organizations to review the KEV catalog and address this vulnerability within their own infrastructures.

The recognition of CVE-2023-29360 in the KEV catalog is a critical step towards mitigating a potentially widespread threat. It aligns with CISA's ongoing efforts to reduce the significant risk posed by known exploited vulnerabilities through proactive identification and remediation. Agencies and organizations are urged to prioritize this patching directive to protect against unauthorized system access and potential .

SourceCISA
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News

Mastodon