Security News > 2024 > March > CISA warns of Microsoft Streaming bug exploited in malware attacks

CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks.

Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.

CISA also added the bug to its Known Exploited Vulnerabilities Catalog this week, warning that such security bugs are "Frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." As mandated by a binding operational directive issued in November 2021, federal agencies must patch their Windows systems against this security bug within three weeks, by March 21.

American-Israeli cybersecurity company Check Point provided more information on this vulnerability last month, saying that Raspberry Robin malware attacks have been exploiting CVE-2023-29360 since August 2023.

Microsoft said in July 2022 that it spotted the Raspberry Robin malware on the networks of hundreds of organizations from various industry sectors.

Raspberry Robin malware evolves with early access to Windows exploits.

News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-microsoft-streaming-bug-exploited-in-malware-attacks/