
CVE-2023-29360

Critical 🇺🇸 CISA KEV ⚡ Exploit Available
Published: Feb 29, 2024  ·  Source: CISA_KEV
CVSS v3: 9.0
📄 Description (English)

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability — Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

🤖 AI Executive Summary

CVE-2023-29360 is a critical privilege escalation vulnerability in Microsoft Streaming Service allowing local attackers to gain SYSTEM-level privileges through untrusted pointer dereference. With a CVSS score of 9.0 and publicly available exploits, this poses an immediate threat to Windows-based infrastructure across Saudi organizations. Immediate patching is essential to prevent unauthorized system compromise.

🤖 AI Intelligence Analysis Analyzed: Apr 19, 2026 03:32
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability directly impacts Saudi government entities, the banking sector (SAMA-regulated institutions), healthcare organizations, and the energy sector (ARAMCO and related entities) running Windows infrastructure. The privilege escalation capability enables attackers to bypass security controls, access sensitive data, deploy malware, and establish persistent backdoors. It is a critical risk for NCA-regulated government networks and SAMA-supervised financial institutions managing critical national infrastructure.
🏢 Affected Saudi Sectors
Government & Public Administration
Banking & Financial Services
Healthcare & Medical Institutions
Energy & Utilities (ARAMCO, related entities)
Telecommunications (STC, Mobily, Zain)
Critical Infrastructure
Defense & Security
⚖️ Saudi Risk Score (AI): 9.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Microsoft Streaming Service across your environment
2. Prioritize patching for critical systems: government networks, banking infrastructure, healthcare systems, and energy sector SCADA/ICS systems
3. Apply Microsoft security updates immediately upon availability

PATCHING GUIDANCE:
1. Deploy patches through WSUS or Microsoft Update for Windows systems
2. Test patches in non-production environments first
3. Implement phased rollout starting with critical infrastructure
4. Verify patch installation using Get-HotFix PowerShell command

COMPENSATING CONTROLS (if immediate patching delayed):
1. Disable Streaming Service if not required: sc config "Streaming Service" start= disabled
2. Restrict local access through Group Policy and firewall rules
3. Implement application whitelisting to prevent unauthorized execution
4. Monitor for suspicious process creation and privilege escalation attempts

DETECTION RULES:
1. Monitor Event ID 4688 for suspicious process creation with SYSTEM privileges
2. Alert on Streaming Service process spawning child processes
3. Track failed and successful privilege escalation attempts (Event ID 4673)
4. Monitor for pointer dereference exceptions in system logs
5. Implement EDR rules detecting local privilege escalation patterns
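
One way to apply detection rule 1 offline, over Security events exported as XML (an added example, not part of the original advisory). The heuristic, the USER_WRITABLE path list and the sample events are assumptions constructed for illustration; the field names follow the standard Event ID 4688 schema.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SYSTEM_INTEGRITY = "S-1-16-16384"  # SID of the "System" mandatory integrity level
# Assumption: binaries in these user-writable locations should not be the
# parent of a SYSTEM-integrity process. Tune the list for your environment.
USER_WRITABLE = ("c:\\users\\", "c:\\windows\\temp\\")

def parse_4688(xml_text):
    """Return the EventData fields of a 4688 event as a dict, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
        return None
    return {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}

def is_suspicious(fields):
    """SYSTEM-integrity child created by a parent in a user-writable path."""
    # Older builds omit ParentProcessName/MandatoryLabel; those events are skipped.
    parent = fields.get("ParentProcessName", "").lower()
    return (fields.get("MandatoryLabel") == SYSTEM_INTEGRITY
            and parent.startswith(USER_WRITABLE))

def triage(events):
    """Return (parent, child) pairs for every flagged 4688 event."""
    hits = []
    for xml_text in events:
        fields = parse_4688(xml_text)
        if fields and is_suspicious(fields):
            hits.append((fields["ParentProcessName"], fields["NewProcessName"]))
    return hits

def _event(event_id, **data):  # builds constructed sample events only
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            f"<System><EventID>{event_id}</EventID></System>"
            f"<EventData>{body}</EventData></Event>")

SAMPLE_EVENTS = [  # constructed, not taken from a real host
    _event(4688, NewProcessName=r"C:\Windows\System32\svchost.exe",
           ParentProcessName=r"C:\Windows\System32\services.exe",
           MandatoryLabel="S-1-16-16384"),
    _event(4688, NewProcessName=r"C:\Windows\System32\cmd.exe",
           ParentProcessName=r"C:\Users\alice\Downloads\tool.exe",
           MandatoryLabel="S-1-16-16384"),
    _event(4688, NewProcessName=r"C:\Windows\System32\notepad.exe",
           ParentProcessName=r"C:\Users\alice\AppData\Local\app\app.exe",
           MandatoryLabel="S-1-16-8192"),
    _event(4673, PrivilegeList="SeTcbPrivilege"),
]
```

Calling triage(SAMPLE_EVENTS) flags only the second event; software that legitimately starts SYSTEM-integrity helpers from a user-writable path needs an allow-list entry.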
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies
ECC 2024 A.5.2.1 - User Registration and De-registration
ECC 2024 A.5.3.1 - Access Rights Review
ECC 2024 A.8.1.1 - Information Security Awareness
ECC 2024 A.12.2.1 - Change Management
ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.GV-1 - Organizational Governance
SAMA CSF PR.AC-1 - Access Control Policy
SAMA CSF PR.PT-2 - Vulnerability Management
SAMA CSF DE.CM-8 - Vulnerability Scanning
SAMA CSF RS.MI-2 - Incident Response Procedures
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for Information Security
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.8.1 - Information Security Awareness
ISO 27001:2022 A.12.6 - Management of Technical Vulnerabilities
ISO 27001:2022 A.14.2 - Change Management
🟣 PCI DSS v4.0
PCI DSS 2.4 - Configuration Standards
PCI DSS 6.2 - Security Patches
PCI DSS 11.2 - Vulnerability Scanning
📦 Affected Products / CPE 1 entries
Microsoft:Streaming Service
📋 Quick Facts
Severity: Critical
CVSS Score: 9.0
EPSS: 22.11%
Exploit: ✓ Yes
Patch: ✓ Yes
CISA KEV: 🇺🇸 Yes
KEV Due Date: 2024-03-21
Published: 2024-02-29
Source Feed: cisa_kev
Priority: CRITICAL
🏷️ Tags
kev actively-exploited