1. Home
  2. Vulnerabilities
  3. CVE-2023-29360

CVE-2023-29360

CVSS v3.1 8.4 (High)
84% Progress
EPSS 0.51 % (77th)
0.51% Progress
Affected Products 9
Advisories 2
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Microsoft Streaming Service Elevation of Privilege Vulnerability

Weaknesses
CWE-822
Untrusted Pointer Dereference
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2023-06-14 00:15:10
(15 months ago)
Updated Date
2024-06-10 15:29:38
(3 months ago)
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 ;https://nvd.nist.gov/vuln/detail/CVE-2023-29360
Vendor
Microsoft
Product
Streaming Service
In CISA Catalog from
2024-02-29
(6 months ago)
Due Date
2024-03-21
(6 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1607 on X64 prior 10.0.14393.5989 version cpe:2.3:o:microsoft:windows_10_1607::*:*:*:*:*:x64 < 10.0.14393.5989
  Microsoft Windows 10 1607 on X86 prior 10.0.14393.5989 version cpe:2.3:o:microsoft:windows_10_1607::*:*:*:*:*:x86 < 10.0.14393.5989
  Microsoft Windows 10 1809 prior 10.0.17763.4499 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.4499
  Microsoft Windows 10 21h2 prior 10.0.19044.3086 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.3086
  Microsoft Windows 10 22h2 prior 10.0.19045.3086 version cpe:2.3:o:microsoft:windows_10_22h2 < 10.0.19045.3086
  Microsoft Windows 11 21h2 prior 10.0.22000.2057 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.2057
  Microsoft Windows 11 22h2 prior 10.0.22621.1848 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.1848
  Microsoft Windows Server 2016 prior 10.0.14393.5989 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.5989
  Microsoft Windows Server 2019 prior 10.0.17763.4499 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.4499
  Microsoft Windows Server 2022 prior 10.0.20348.1784 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.1784