CVE-2023-29360

HIGH KEV

Microsoft Streaming Service - Privilege Escalation

Title source: llm

Description

Microsoft Streaming Service Elevation of Privilege Vulnerability

Exploits (4)

nomisec WORKING POC 153 stars

by Nero22k · local

https://github.com/Nero22k/cve-2023-29360

View Code ZIP pw:eip

nomisec SUSPICIOUS 12 stars

by 0xDivyanshu-new · local

https://github.com/0xDivyanshu-new/CVE-2023-29360

View Code ZIP pw:eip

nomisec WORKING POC

by Scottman625 · local

https://github.com/Scottman625/CVE-2023-29360

View Code ZIP pw:eip

inthewild

poc

https://github.com/exotikcheat/cve-2023-29360

View on inthewild

References (2)

[Patch, Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29360

Scores

CVSS v3 8.4

EPSS 0.3029

EPSS Percentile 96.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-02-29

VulnCheck KEV 2024-02-07

InTheWild.io 2024-02-29

ENISA EUVD EUVD-2023-32933

CWE

CWE-822

Status published

Products (9)

microsoft/windows_10_1607 < 10.0.14393.5989 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.4499

microsoft/windows_10_21h2 < 10.0.19044.3086

microsoft/windows_10_22h2 < 10.0.19045.3086

microsoft/windows_11_21h2 < 10.0.22000.2057

microsoft/windows_11_22h2 < 10.0.22621.1848

microsoft/windows_server_2016 < 10.0.14393.5989

microsoft/windows_server_2019 < 10.0.17763.4499

microsoft/windows_server_2022 < 10.0.20348.1784

Published Jun 14, 2023

KEV Added Feb 29, 2024

Tracked Since Feb 18, 2026