[CDP-development] PEER REVIEW - TLP:GREEN (Vulnerability Alert Notification) CVE-2023-29360: Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Thu Feb 29 11:46:12 PST 2024 

Good morning,

The SOC Services team is reporting on the vulnerability: CVE-2023-29360: Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On June 13, 2023, Microsoft released a security advisory for CVE-2023-29360 regarding their Streaming Service. As of February 29, 2024, CISA has added the vulnerability to the Known Exploited Vulnerabilities catalog.

The following products are affected:

  *   Windows Server 2016 (Server Core installation)
  *   Windows Server 2016
  *   Windows 10 Version 1607 x64
  *   Windows 10 Version 1607 x32
  *   Windows 10 Version 22H2 x32
  *   Windows 10 Version 22H2 ARM64
  *   Windows 10 Version 22H2 x64
  *   Windows 11 Version 22H2 x64
  *   Windows 11 Version 22H2 ARM64
  *   Windows 10 Version 21H2 x64
  *   Windows 10 Version 21H2 ARM64
  *   Windows 10 Version 21H2 x32
  *   Windows 11 version 21H2 ARM64
  *   Windows 11 version 21H2 x64
  *   Windows Server 2022 (Server Core installation)
  *   Windows Server 2022
  *   Windows Server 2019 (Server Core installation)
  *   Windows Server 2019
  *   Windows 10 Version 1809 ARM64
  *   Windows 10 Version 1809 x64
  *   Windows 10 Version 1809 x32
Microsoft has released the following security advisory and patch information addressing CVE-2023-29360,: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360

Intelligence: As of February 29, 2024, the vulnerability has been confirmed as being exploited in the wild.

Workarounds: There are no workarounds for this vulnerability.

How it works: Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Post-Exploit: Upon successful exploitation of the vulnerability, a threat actor could gain SYSTEM privileges.


As of October 24, 2023, the following vulnerability plugins have been released and are currently in Tenable Security Center:
Plugin
Title
Severity
177252<https://www.tenable.com/plugins/nessus/177252>
KB5027215: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (June 2023)
Critical
177246<https://www.tenable.com/plugins/nessus/177246>
KB5027219: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2023)
Critical
177242<https://www.tenable.com/plugins/nessus/177242>
KB5027231: Windows 11 version 22H2 Security Update (June 2023)
Critical
177247<https://www.tenable.com/plugins/nessus/177247>
KB5027222: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2023)
Critical
177235<https://www.tenable.com/plugins/nessus/177235>
KB5027225: Windows 2022 / Azure Stack HCI 22H2 Security Update (June 2023)
Critical
177251<https://www.tenable.com/plugins/nessus/177251>
KB5027223: Windows 11 version 21H2 Security Update (June 2023)
Critical

Recommended Actions:


  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services

[cid:image001.png at 01DA6586.316C86F0]
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240229/13b72d0f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 21907 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20240229/13b72d0f/attachment-0001.png>

More information about the CDP-development mailing list