CVE-2023-36802: 
vulnerability analysis and mitigation

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802) is a local privilege escalation vulnerability discovered in the Microsoft Kernel Streaming Server (mskssrv.sys), a Windows kernel component used for virtualizing and sharing camera devices. The vulnerability was disclosed and patched in September 2023, affecting various versions of Windows 10 and Windows 11 operating systems (Security Intelligence).

The vulnerability is an object type confusion issue in the Microsoft Kernel Streaming Server that allows a context registration object to be passed as a stream object. Since context registration objects are smaller (0x78 bytes) than stream registration objects (0x1D8 bytes), this confusion enables out-of-bounds memory access. The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability allows a local attacker to escalate privileges to SYSTEM level, effectively gaining complete control over the affected system. This enables an attacker to execute arbitrary code with the highest privileges, potentially leading to full system compromise (Security Intelligence).

Microsoft has released security updates to address this vulnerability. Organizations are advised to apply the relevant patches immediately. The fixes include replacing the FSRendezvousServer::FindObject function with FSRendezvousServer::FindStreamObject, which implements proper type verification by checking object type fields (Security Intelligence).