Microsoft Streaming bug is being exploited in malware attacks, according to CISA.

Federal Civilian Executive Branch (FCEB) organizations in the United States were required to secure their Windows systems against a high-stakes vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that is actively used in attacks.

The security flaw (tracked as CVE-2023-29360) is caused by an untrusted pointer dereference, which enables local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction.

Thomas Imbert of Synacktiv discovered CVE-2023-29360 in the Microsoft Streaming Service Proxy (MSKSSRV.SYS) and reported it to Microsoft through Trend Micro's Zero Day Initiative. Redmond patched the issue during the June 2023 Patch Tuesday, with proof-of-concept code being released on GitHub on September 24. The bug was fixed by Redmond during the September 2023 Patch Tuesday.

The U.S. cybersecurity agency provided no indications about the ongoing attacks, but it did confirm that it found no proof that this vulnerability was used in ransomware attacks.

Federal agencies are required to patch their Windows systems against this security bug within three weeks, by March 21, according to a binding operational directive (BOD 22-01), which was issued in November 2021. CISA also added the bug to its Known Exploited Vulnerabilities Catalog this week.

Although CISA's KEV catalog is primarily intended to alert federal agencies to security flaws that should be fixed as soon as possible, private organizations around the world are also advised to prioritize patching this vulnerability in order to stop ongoing attacks.

Used in malware attacks since August

Check Point, an American-Israeli cybersecurity firm, reported on this vulnerability last month, saying that Raspberry Robin malware attacks have been using CVE-2023-29360 since August 2023.

"As we examined Raspberry Robin samples in October, we discovered that it also had a CVE-2023-29360 exploit. Raspberry Robin used this vulnerability, which was made public in June, in August," according to Check Point.

Even though the vulnerability is relatively simple to exploit, it is impressive that the exploit writer had a working sample before there was a known exploit on GitHub, and how quickly Raspberry Robin used it.

CVE-2023-29360 exploitation timeline (Check Point)

Raspberry Robin is malware that was discovered in September 2021 and mainly spreads through USB drives. Although its creators are unknown, it has been connected to a number of cybercriminal organizations, including EvilCorp and the Clop ransomware gang.

In July 2022, Microsoft claimed to have found the Raspberry Robin malware on the networks of hundreds of businesses across various industry sectors.

This worm has continuously evolved since its discovery, adopting new delivery strategies and introducing new features, including an evasion technique in which fake payloads are dropped to mislead researchers.