Security News > 2024 > March > CISA warns of Microsoft Streaming bug exploited in malware attacks
CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks.
Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.
CISA also added the bug to its Known Exploited Vulnerabilities Catalog this week, warning that such security bugs are "Frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." As mandated by a binding operational directive issued in November 2021, federal agencies must patch their Windows systems against this security bug within three weeks, by March 21.
American-Israeli cybersecurity company Check Point provided more information on this vulnerability last month, saying that Raspberry Robin malware attacks have been exploiting CVE-2023-29360 since August 2023.
Microsoft said in July 2022 that it spotted the Raspberry Robin malware on the networks of hundreds of organizations from various industry sectors.
Raspberry Robin malware evolves with early access to Windows exploits.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- CISA: Here’s how you can foil DDoS attacks (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- CISA tags Microsoft SharePoint RCE bug as actively exploited (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-14 | CVE-2023-29360 | Unspecified vulnerability in Microsoft products Microsoft Streaming Service Elevation of Privilege Vulnerability | 8.4 |