BleepingComputer reports that immediate patching of the high-severity Microsoft Streaming Service flaw, tracked as CVE-2023-29360, has been urged by the Cybersecurity and Infrastructure Security Agency amid active exploitation, with federal agencies ordered to apply patches by Mar. 21.
While no further details regarding the ongoing attacks were detailed in CISA's Known Exploited Vulnerabilities Catalog, the security issue, which was addressed by Microsoft in June, was reported by Check Point to have been used in Raspberry Robin malware attacks beginning in August. "Even though this is a pretty easy vulnerability to exploit, the fact that the exploit writer had a working sample before there was a known exploit in GitHub is impressive as is how quickly Raspberry Robin used it," said Check Point in a report released last month. USB drives have been primarily leveraged to facilitate the distribution of the worm-like Raspberry Robin malware since its emergence in September 2021.
