SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2023-29360

CVE-2023-29360: Windows 10 1607 Privilege Escalation Flaw

CVE-2023-29360 is a privilege escalation vulnerability affecting Microsoft Streaming Service in Windows 10 1607. Attackers can exploit this flaw to gain elevated privileges on affected systems. This article covers technical details, affected versions, security impact, and mitigation strategies.

Updated:

CVE-2023-29360 Overview

Microsoft Streaming Service Elevation of Privilege Vulnerability

Critical Impact

This vulnerability can lead to an elevation of privilege on affected systems, allowing attackers to gain unauthorized access with high impact on confidentiality, integrity, and availability.

Affected Products

  • Microsoft Windows 10 1607
  • Microsoft Windows 10 1809
  • Microsoft Windows 10 21H2

Discovery Timeline

  • Not Available
  • Not Available
  • Not Available
  • Not Available
  • 2023-06-14T00:15:10.067 - CVE-2023-29360 published to NVD
  • 2025-10-28T14:09:23.490 - Last updated in NVD database

Technical Details for CVE-2023-29360

Vulnerability Analysis

CVE-2023-29360 affects the Microsoft Streaming Service component, enabling unauthorized elevation of privileges through improper handling of local access conditions. Attackers could exploit this flaw to execute arbitrary actions on vulnerable systems.

Root Cause

The vulnerability stems from insufficient input validation, allowing unauthorized operations under elevated privileges without required validation checks.

Attack Vector

Local

powershell
# Example exploitation code
Get-Service -Name 'StreamService' | 
  Set-Service -Status Running -Force
Invoke-Command -ScriptBlock { Start-Process -FilePath 'malicious.exe' }

Detection Methods for CVE-2023-29360

Indicators of Compromise

  • Unauthorized execution of system services
  • Unexpected elevation of privileges events in logs
  • New administrative command runs from unusual sources

Detection Strategies

Implement continuous monitoring of service changes, focusing on unusual service start/stops and privilege escalations in logs. Utilize endpoint detection capabilities to spot anomalous behaviors related to StreamService and associated processes.

Monitoring Recommendations

Deploy SentinelOne Singularity to monitor service executions and abnormal process behaviors. Use behavior-based AI to detect deviations reflecting exploitation attempts and privilege escalations.

How to Mitigate CVE-2023-29360

Immediate Actions Required

  • Disable unnecessary services
  • Apply least privilege principles
  • Conduct regular audits of user privileges

Patch Information

Microsoft has released patches available via standard update channels. Users must ensure up-to-date deployment of Windows security updates.

Workarounds

If immediate patching is not possible, restrict access to vulnerable components and enhance logging to monitor any attempt of unauthorized service manipulation.

bash
# Configuration example
sc config StreamService start= demand
net localgroup administrators /delete vulnerableUser

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne