CISA issued a warning for a vulnerability in Microsoft Streaming; being exploited by malware attackers

1 min. read

Published on March 6, 2024

published on March 6, 2024

Readers help support MSpoweruser. We may get a commission if you buy through our links.

The Cybersecurity and Infrastructure Security Agency (CISA) is urging all organizations, especially federal agencies of countries, to patch a critical vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that attackers are actively and extensively exploiting.

The vulnerability goes by the ID CVE-2023-29360. What it does is it allows local attackers to gain full control (SYSTEM privileges) over vulnerable systems with very minimal effort.

As reported, this vulnerability was said to be patched by Microsoft in June 2023, but the exploit code became publicly available three months later.

CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and is mandating all federal agencies to patch their systems by March 21st, 2024.

While CISA hasn’t found evidence of this vulnerability being used in ransomware attacks, it is still a major security risk and should be addressed by all organizations immediately.

TL;DR:

Vulnerability: CVE-2023-29360 in Microsoft Streaming Service (MSKSSRV.SYS)
Severity: High
Impact: Allows attackers to gain full control of systems
Patched: June 2023 Patch Tuesday
Exploited since: August 2023
Ransomware usage: No evidence found
Patch deadline for federal agencies: March 21st, 2024