CVE-2023-29360
Published: 14 June 2023
Summary
CVE-2023-29360 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 10 1607. Its CVSS base score is 8.4 (High).
Operationally, ranked in the top 3.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
Microsoft Streaming Service contains an elevation of privilege vulnerability tracked as CVE-2023-29360. The flaw carries a CVSS 3.1 score of 8.4 and is associated with CWE-822. It affects the streaming service component in supported Microsoft products and allows an attacker to obtain elevated privileges on an affected system.
An unauthenticated local attacker can exploit the issue without user interaction. Successful exploitation grants full control over confidentiality, integrity, and availability on the target host, enabling the attacker to execute arbitrary code with elevated rights.
Microsoft has published remediation guidance through its Security Response Center, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities. The associated EPSS score has remained near 0.30 with only minor fluctuation between its recorded peak and current values.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-32933
Vulnerability details
Microsoft Streaming Service Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 29 February 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly counters the EoP by restricting the streaming service and its processes to the minimum privileges needed, blocking the local attacker from obtaining full system control.
Enforces access control policies on the streaming service so that an unprivileged local process cannot elevate to full system rights.
Requires timely application of the vendor patch that eliminates the CWE-822 flaw being actively exploited in the wild.