Cybersecurity Agency CISA Warns of a Highly Severe Vulnerability in Microsoft Streaming Service

by
Mark Cop
from The Tech Report on (#6K31M)
florian-olivo-4hbJ-eymZ1o-unsplash-1024x

florian-olivo-4hbJ-eymZ1o-unsplash-1024x

The Cybersecurity and Infrastructure Security Agency (CISA), a US-based cybersecurity agency, added a high-severity elevation of privilege flaw i Microsoft Streaming Service to its Known Exploited Vulnerabilities (KEV) catalog last Thursday, February 29. According to the agency, the exploit is still active in the wild.

The Microsoft Streaming Service is a big part of Windows OS. It represents a system service that allows Windows users to stream video and audio across a network of gaming and multimedia apps. It is also commonly used by video conferencing software.

1f6e1.png Microsoft Streaming Service users: We added #CVE-2023-29360 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec pic.twitter.com/b1qClLDXwQ

- CISA Cyber (@CISACyber) March 1, 2024

Details on the vulnerability

According to the agency, the issue is known as CVE-2023-29360 (with a CVSS score of 8.4). It was originally patched in June 2023 in both Windows 10 and 11. The same is true for Windows Server 2016, 2019, and 2022. Now, according to CISA, the issue allows attackers to gain System privileges on targeted machines.

The agency's entry in the KEV catalog says:

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain System privileges.

While CISA noted that the exploit is active and useful to bad actors, it did not provide information on specific attacks. The agency noted that it does not have evidence that any ransomware groups are targeting CVE-2023-29360 at this time. This is also in line with Microsoft's June 2023 advisory, which flagged the bug, but it also listed it as not exploited."

With that said, a Proof-of-Concept (PoC) code that targets the MSKSSRV-SYS driver in order to exploit the bug has been available for around six months now. But, despite its availability and CISA's action, there have been no reports that the vulnerability has been exploited so far.

Federal Agencies and Private Organizations Urged to Patch the Flaw

Given the fact that CISA has added the vulnerability to the KEV list, US federal agencies have until March 21 to patch it. The reason for this is the fact that there is a three-week deadline to identify and patch a new security hole after it reaches the KEV list. This is a priority now, as dictated by the Binding Operational Directive (BOD) 22-01. The three-week deadline started from the moment the flaw was added to the list.

This is why CISA ordered the US Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a flaw that could be exploited in potential attacks.

In the meantime, the cybersecurity agency urged all organizations to create and quickly apply patches for any vulnerabilities added to the KEV catalog.

While CISA's KEV catalog is primarily used to alert federal agencies about significant security flaws that must be addressed as soon as possible. Private organizations are also advised to prioritize patching these vulnerabilities. It noted that they all pose a massive risk if left unresolved, and that they will likely be compromised before long.

Meanwhile, Microsoft's spokesperson said that the company released a fix for CVE-2023-29360 in June 2023. This means that all customers who have installed the latest updates or have automatic updates enabled are already protected from the flaw.

The ones in danger are those who have auto-updates disabled. As they prefer to do their patches and updates manually, but have for some reason failed to install them.

Raspberry Robin Malware Attacks Used the Flaw Since August

Last month, an American-Israeli cybersecurity firm Check Point provided some additional information on CVE-2023-29360. It said that Raspberry Robin malware attacks have been exploiting this flaw since August of last year. This was only two months after it was publicly disclosed in June of the same year.

Beware of Stealthy Raspberry Robin That Delivered as a Windows Component @the_cyber_news

1f4cc.png Exploited 0-dayslike CVE-2023-36802
1f4cc.png Exploits Microsoft Streaming Service CVE-2023-29360

Read more: https://t.co/o9SHelmXPl#cybersecurity #informationsecurity

- Cyber Security News (@The_Cyber_News) February 13, 2024

Even though this is a pretty easy vulnerability to exploit, the fact that the exploit writer had a working sample before there was a known exploit in GitHub is impressive as is how quickly Raspberry Robin used it," the company added.

The post Cybersecurity Agency CISA Warns of a Highly Severe Vulnerability in Microsoft Streaming Service appeared first on The Tech Report.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title The Tech Report
Feed Link https://techreport.com/
Reply 0 comments