CISA Adds Microsoft Streaming Service Bug to List of Known Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Microsoft’s Streaming Service to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2023-29360 with a CVSS score of 8.4, allows attackers to gain SYSTEM privileges. It was discovered by Thomas Imbert from Synacktiv through the Trend Micro Zero Day Initiative.

The availability of proof-of-concept code has made it easier for threat actors to include the malicious code in their attack chains. Analysis of Raspberry Robin samples from before October 2023 revealed that the operators used an exploit for CVE-2023-29360. The vulnerability was publicly disclosed in June and exploited by Raspberry Robin in August.

Under Binding Operational Directive (BOD) 22-01, federal agencies must address this vulnerability by March 21, 2024, to protect their networks. Private organizations are also advised to review the catalog of vulnerabilities and address any issues in their infrastructure.

CISA has ordered federal agencies to take action on this vulnerability to prevent attacks that exploit it.

Fabio

Full Stack Developer
