CISA urges government agencies to address Microsoft Streaming exploit

Government agencies must patch this exploit by March 21

Reading time icon 1 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

CISA exploit microsoft streaming

It seems that another exploit has been found in Windows, and this one allows hackers to gain high-level privileges on infected PCs.

This sounds rather serious, so keep on reading how to protect yourself from this nasty malware.

CISA has added this exploit to its Known Exploited Vulnerabilities Catalog

As reported by Bleeping Computer, there’s a security flaw in MSKSSRV.SYS file that allows hackers to gain SYSTEM privileges on target PCs. To make matters worse, these attacks don’t require any user interaction.

This vulnerability was labeled CVE-2023-29360 and was fixed in June 2023, with proof-of-concept code being released on September 24.

CISA hasn’t provided any information regarding ongoing attacks, but the bug was added to the Known Exploited Vulnerabilities Catalog urging all federal agencies to quickly patch this issue.

According to Check Point, Raspberry Robin malware attacks have been exploiting this vulnerability since August 2023.

The good news is that this vulnerability has been patched, and as long as you have the latest updates installed, you should be secure. Unfortunately, this isn’t the only vulnerability, and we already wrote about AppLocker vulnerability in Windows, but just like this one, it was quickly patched by Microsoft.

More about the topics: Cybersecurity

User forum

0 messages