CVE-2023-29360

Name of the Vulnerable Software and Affected Versions Microsoft Streaming Service versions prior to the fixed version

Description The issue allows attackers to gain System privileges on a vulnerable machine. It is an elevation-of-privilege vulnerability that affects the system. The vulnerability is related to an untrusted pointer dereference in the mskssrv.sys driver. It has been actively exploited and was demonstrated at the Pwn2Own contest. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Recommendations As a temporary workaround, consider disabling the mskssrv.sys driver until a patch is available. Update Windows to the latest version. Use a firewall and configure it to only allow trusted connections. Use a VPN with a reliable reputation. Keep track of cybersecurity news and do not use the same password for different sites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.