CVE-2023-36802

Vulnerability updated 22 days ago (2024-11-29T13:59:35.075Z)

Download STIX

Preview STIX

CVE-2023-36802 is a significant software vulnerability that was identified in the Microsoft Streaming Service Proxy, specifically within Microsoft Stream's streaming service proxy (formerly known as Office 365 Video). This flaw, characterized as an Elevation of Privilege Vulnerability, allows a local attacker to execute arbitrary code with SYSTEM privileges. The vulnerability, rated with a CVSS score of 7.8, indicates a high level of severity and potential impact on affected systems. The discovery of CVE-2023-36802 marked it as one of two zero-day vulnerabilities found within Microsoft products, the other being located in Microsoft Word (CVE-2023-36761). These vulnerabilities were part of a larger release by Microsoft, which addressed a total of 59 bugs across various software offerings. Notably, CVE-2023-36802 was highlighted for immediate attention due to its potential impact and exploitation risk, earning it a spot at the top of the test-and-deploy list. In response to the identified threat, Microsoft promptly released fixes as part of their update guide. Additionally, Check Point IPS has provided protection against this specific vulnerability. Despite these remediation efforts, organizations are strongly advised to prioritize the deployment of these updates to mitigate the risk associated with CVE-2023-36802, given its potential for privilege escalation and the execution of arbitrary code.

Description last updated: 2024-05-04T16:49:39.710Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Microsoft

Vulnerability

Proxy

Windows

Zero Day

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-36761 Vulnerability is associated with CVE-2023-36802. CVE-2023-36761 is a notable vulnerability discovered in Microsoft Word, classified as an information disclosure issue. This flaw in software design or implementation allows for the exposure of NTLM (New Technology LAN Manager) hashes, presenting a significant security risk. The attack vector is thro	Unspecified	2

Source Document References

Information about the CVE-2023-36802 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securelist	11 days ago	Analyzing the vulnerability landscape in Q3 2024
DARKReading	10 months ago	Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks
Checkpoint	10 months ago	Raspberry Robin Keeps Riding the Wave of Endless 1-Days - Check Point Research
CERT-EU	a year ago	Critically close to zero (day): Exploiting Microsoft Kernel streaming service
CERT-EU	a year ago	Critically Close to Zero(Day): Exploiting Microsoft Kernel Streaming Service
CERT-EU	a year ago	Tripwire Patch Priority Index for September 2023
CERT-EU	a year ago	September Threat Advisory – Top 5 by SecurityHQ – Global Security Mag Online
Checkpoint	a year ago	18th September – Threat Intelligence Report - Check Point Research
CERT-EU	a year ago	Microsoft Septemer Security Updates for Multiple High-Risk Product Vulnerabilities
CERT-EU	a year ago	Cyber Security Week in Review: September 15, 2023
CERT-EU	a year ago	The Details of Microsoft’s September 2023 Patch Tuesday Release
CERT-EU	a year ago	Microsoft’s September 2023 Patch Tuesday Addresses 2 Zero-Days, 59 Vulnerabilities
CERT-EU	a year ago	Turns out even the NFL is worried about deepfakes
CERT-EU	a year ago	CISA Adds Two Known Vulnerabilities to Catalog \| IT Security News
CERT-EU	a year ago	Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
BankInfoSecurity	a year ago	Microsoft Patches Fix Word and Streaming Services Zero-Days
Malwarebytes	a year ago	Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days
CERT-EU	a year ago	66 Vulnerabilities Squashed in Microsoft September Security Patch -- Redmondmag.com
CISA	a year ago	CISA Adds Two Known Vulnerabilities to Catalog \| CISA
CERT-EU	a year ago	Microsoft Patch Tuesday: Two zero-days addressed in September update