Microsoft Streaming Service Vulnerability Exploited - 20240212001

Overview

Microsoft Streaming Service Proxy with high local privilege escalation vulnerabilities have been reported exploited by the new Raspberry Robin campaign. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

What is the vulnerability?

CVE ID	Severity	CVSS	Exploitation	Dated
CVE-2023-29360	High	8.4	Yes	29 Feb,2024

What is vulnerable?

Product(s) Affected	Versions
- Microsoft Windows 10 Version 1809, 32-bit Systems, x64-based Systems, ARM64-based Systems - Microsoft Windows Server 2019, x64-based Systems - Microsoft Windows Server 2019 (Server Core installation), x64-based Systems	versions 10.0.0 to 10.0.17763.4499
- Microsoft Windows Server 2022, x64-based Systems	versions 10.0.0 to 10.0.20348.1787 versions 10.0.0 to 10.0.20348.1784
- Microsoft Windows 11 version 21H2, x64-based Systems, ARM64-based Systems	versions 10.0.0 to 10.0.22000.2057
- Microsoft Windows 10 Version 21H2, 32-bit Systems, ARM64-based Systems	versions 10.0.0 to 10.0.19044.3086
- Microsoft Windows 11 version 22H2, ARM64-based Systems, x64-based Systems	versions 10.0.0 to 10.0.22621.1848
- Microsoft Windows 10 Version 22H2, x64-based Systems, ARM64-based Systems, 32-bit Systems	versions 10.0.0 to 10.0.19045.3086
- Microsoft Windows 10 Version 1607, x64-based Systems, ARM64-based Systems, 32-bit Systems	versions 10.0.0 to 10.0.14393.5989
- Microsoft Windows Server 2016, x64-based Systems	versions 10.0.0 to 10.0.14393.5989
- Microsoft Windows Server 2016 (Server Core installation), x64-based Systems	versions 10.0.0 to 10.0.14393.5989

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer Patch Management):

• Microsoft Security Update Guide