CVE-2023-29360

HIGH KEV

Microsoft Streaming Service - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2023-29360 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 29, 2024. EIP tracks 3 public exploits from researchers including Nero22k, 0xDivyanshu-new, Scottman625.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-29360, targeting the MSKSSRV.SYS driver. The exploit leverages multiple IOCTL calls to manipulate memory mappings and escalate privileges by overwriting token structures.

Description

Microsoft Streaming Service Elevation of Privilege Vulnerability

Exploits (3)

nomisec WORKING POC 153 stars

by Nero22k · local

https://github.com/Nero22k/cve-2023-29360

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-29360, targeting the MSKSSRV.SYS driver. The exploit leverages multiple IOCTL calls to manipulate memory mappings and escalate privileges by overwriting token structures.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: MSKSSRV.SYS driver (Windows)

No auth needed

Prerequisites: Access to a vulnerable Windows system with the MSKSSRV.SYS driver loaded

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec SUSPICIOUS 12 stars

by 0xDivyanshu-new · local

https://github.com/0xDivyanshu-new/CVE-2023-29360

View Code ZIP pw:eip

The repository contains only a README with a link to an external blog post, lacking any exploit code or technical details. This pattern is typical of social engineering lures designed to redirect users to external content.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: mskssrv.sys (Windows)

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by Scottman625 · local

https://github.com/Scottman625/CVE-2023-29360

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-29360, targeting a local privilege escalation vulnerability in the Windows Kernel Streaming (KS) driver. The exploit manipulates kernel memory to escalate privileges by overwriting token privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Microsoft Windows Kernel Streaming (KS) driver

Auth required

Prerequisites: Local access to the target system · Ability to execute code with user-level privileges

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29360

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360

Scores

CVSS v3 8.4

EPSS 0.3029

EPSS Percentile 96.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2024-02-29

VulnCheck KEV 2024-02-07

InTheWild.io 2024-02-29

ENISA EUVD EUVD-2023-32933

CWE

CWE-822

Status published

Products (9)

microsoft/windows_10_1607 < 10.0.14393.5989 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.4499

microsoft/windows_10_21h2 < 10.0.19044.3086

microsoft/windows_10_22h2 < 10.0.19045.3086

microsoft/windows_11_21h2 < 10.0.22000.2057

microsoft/windows_11_22h2 < 10.0.22621.1848

microsoft/windows_server_2016 < 10.0.14393.5989

microsoft/windows_server_2019 < 10.0.17763.4499

microsoft/windows_server_2022 < 10.0.20348.1784

Published Jun 14, 2023

KEV Added Feb 29, 2024

Tracked Since Feb 18, 2026