
CISA: Active exploitation of Microsoft Streaming Service bug should prompt urgent patching

CISA is primarily concerned with two scenarios: a piece of corrupted code that has become part of many different commercial and free software programs and the intentional targeting of a software provider in order to gain access to the IT environments of their customers downstream. (Image credit: zokara via Getty Image)

BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has urged immediate patching of the high-severity Microsoft Streaming Service flaw, tracked as CVE-2023-29360, amid active exploitation, with federal agencies ordered to apply patches by Mar. 21.

While CISA's Known Exploited Vulnerabilities Catalog gave no further details on the ongoing attacks, the security issue, which Microsoft addressed in June, was reported by Check Point to have been used in Raspberry Robin malware attacks beginning in August. "Even though this is a pretty easy vulnerability to exploit, the fact that the exploit writer had a working sample before there was a known exploit in GitHub is impressive as is how quickly Raspberry Robin used it," said Check Point in a report released last month. USB drives have been the primary means of distributing the worm-like Raspberry Robin malware since its emergence in September 2021.
