SecurityWeek

CISA Warns of Windows Streaming Service Vulnerability Exploitation

CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild.

The US cybersecurity agency CISA on Thursday added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of its active exploitation in the wild.

The Streaming Service, an integral part of Windows, is a system service that enables the streaming of audio and video across a network for multimedia and gaming applications, and video conferencing software.

The issue, tracked as CVE-2023-29360 (CVSS score of 8.4) and patched in June 2023 in Windows 10 and 11 and Windows Server 2016, 2019, and 2022, could allow attackers to gain System privileges on a vulnerable machine.

“Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain System privileges,” CISA’s entry in the KEV catalog reads.

CISA has not provided information on the attacks exploiting CVE-2023-29360 and noted that it has no evidence that ransomware groups are targeting it. Microsoft’s June 2023 advisory still flags the bug as “not exploited”.

Proof-of-concept (PoC) code targeting the MSKSSRV.SYS driver (a system file associated with the Microsoft Kernel Streaming Server) to exploit CVE-2023-29360 has been available for roughly six months.

Despite the PoC’s availability and CISA’s action, no other reports on this vulnerability’s exploitation have emerged until now.

When a new security hole is added to the KEV list, US federal agencies have three weeks to identify and patch vulnerable assets within their environments, as dictated by the Binding Operational Directive (BOD) 22-01. In CVE-2023-29360’s case, that deadline is March 21.

The cybersecurity agency urges all organizations to apply patches available for the security defects in the KEV catalog, warning that they pose a significant risk of compromise.

“We released a fix for CVE-2023-29360 in June last year. Customers who have installed the latest updates, or have automatic updates enabled, are already protected,” a Microsoft spokesperson said, responding to a SecurityWeek inquiry.

*Updated with statement from Microsoft.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
