Connect with us

Hi, what are you looking for?



CISA Warns of Windows Streaming Service Vulnerability Exploitation

CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild.

CISA known exploited vulnerabilites

The US cybersecurity agency CISA on Thursday added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of its active exploitation in the wild.

The Streaming Service, an integral part of Windows, is a system service that enables the streaming of audio and video across a network for multimedia and gaming applications, and video conferencing software.

The issue, tracked as CVE-2023-29360 (CVSS score of 8.4) and patched in June 2023 in Windows 10 and 11 and Windows Server 2016, 2019, and 2022, could allow attackers to gain System privileges on a vulnerable machine.

“Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain System privileges,” CISA’s entry in the KEV catalog reads.

CISA has not provided information on the attacks exploiting CVE-2023-29360 and noted that it has no evidence that ransomware groups are targeting it. Microsoft’s June 2023 advisory still flags the bug as “not exploited”.

Proof-of-concept (PoC) code targeting the MSKSSRV.SYS driver (a system file associated with the Microsoft Kernel Streaming Server) to exploit CVE-2023-29360 has been available for roughly six months.

Despite the PoC’s availability and CISA’s action, no other reports on this vulnerability’s exploitation have emerged until now.

When a new security hole is added to the KEV list, US federal agencies have three weeks to identify and patch vulnerable assets within their environments, as dictated by the Binding Operational Directive (BOD) 22-01. In CVE-2023-29360’s case, that deadline is March 21.

Advertisement. Scroll to continue reading.

The cybersecurity agency urges all organizations to apply patches available for the security defects in the KEV catalog, warning that they pose a significant risk of compromise.

“We released a fix for CVE-2023-29360 in June last year. Customers who have installed the latest updates, or have automatic updates enabled, are already protected,” a Microsoft spokesperson said, responding to a SecurityWeek inquiry.

*Updated with statement from Microsoft.

Related: CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks

Related: CISA Warns of Roundcube Webmail Vulnerability Exploitation

Related: Faster Patching Pace Validates CISA’s KEV Catalog Initiative

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.