Windows Kernel Vulnerability Actively Exploits in Attacks to Gain System Access
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, one of which belongs to a Windows kernel vulnerability actively used in attacks.
This update follows verified evidence of active exploitation of these vulnerabilities, highlighting the ongoing risks they pose to cybersecurity.
CVE-2024-35250 : Found in the Microsoft Windows Kernel-Mode Driver, this vulnerability is characterized by an untrusted pointer dereference.
This type of issue can lead to system crashes or allow attackers to execute arbitrary code, making it a critical concern for security professionals.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” Microsoft fixed the vulnerability in the recent December patch Tuesday release.
Microsoft provided limited details in a security advisory released in June; however, the DEVCORE Research Team, which discovered the vulnerability and reported it to Microsoft via Trend Micro’s Zero Day Initiative, identified the affected system component as the Microsoft Kernel Streaming Service (MSKSSRV.SYS).
CVE-2024-20767 : This vulnerability affects Adobe ColdFusion and involves improper access control. Such vulnerabilities can be exploited by attackers to gain unauthorized access to sensitive information or systems, presenting a significant threat to cybersecurity.
These vulnerabilities are frequently used by malicious cyber actors as attack vectors, posing substantial risks to federal systems.
In response, CISA’s Binding Operational Directive (BOD) 22-01, titled “Reducing the Significant Risk of Known Exploited Vulnerabilities,” mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by specified deadlines.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise” CISA added.
While BOD 22-01 explicitly targets FCEB agencies, CISA strongly recommends that all organizations take proactive measures to limit their cyber-attack exposure.
Organizations can enhance their overall cybersecurity posture by prioritizing the timely remediation of these cataloged vulnerabilities. This practice is a crucial component of a robust vulnerability management strategy.
CISA remains committed to updating the Known Exploited Vulnerabilities Catalog with new vulnerabilities that meet its defined criteria.
This living list serves as a critical resource for understanding current threats and mitigating risks. Organizations are encouraged to consult the BOD 22-01 Fact Sheet for further details on managing these vulnerabilities.
#Cyber_Security_News #Vulnerability #Vulnerability_News #Windows #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Windows Kernel Vulnerability Actively Exploits in Attacks to Gain System Access
Author: Balaji NThe Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, one of which belongs to a Windows kernel vulnerability actively used in attacks.
This update follows verified evidence of active exploitation of these vulnerabilities, highlighting the ongoing risks they pose to cybersecurity.
CVE-2024-35250 : Found in the Microsoft Windows Kernel-Mode Driver, this vulnerability is characterized by an untrusted pointer dereference.
This type of issue can lead to system crashes or allow attackers to execute arbitrary code, making it a critical concern for security professionals.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” Microsoft fixed the vulnerability in the recent December patch Tuesday release.
Microsoft provided limited details in a security advisory released in June; however, the DEVCORE Research Team, which discovered the vulnerability and reported it to Microsoft via Trend Micro’s Zero Day Initiative, identified the affected system component as the Microsoft Kernel Streaming Service (MSKSSRV.SYS).
CVE-2024-20767 : This vulnerability affects Adobe ColdFusion and involves improper access control. Such vulnerabilities can be exploited by attackers to gain unauthorized access to sensitive information or systems, presenting a significant threat to cybersecurity.
These vulnerabilities are frequently used by malicious cyber actors as attack vectors, posing substantial risks to federal systems.
In response, CISA’s Binding Operational Directive (BOD) 22-01, titled “Reducing the Significant Risk of Known Exploited Vulnerabilities,” mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by specified deadlines.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise” CISA added.
While BOD 22-01 explicitly targets FCEB agencies, CISA strongly recommends that all organizations take proactive measures to limit their cyber-attack exposure.
Organizations can enhance their overall cybersecurity posture by prioritizing the timely remediation of these cataloged vulnerabilities. This practice is a crucial component of a robust vulnerability management strategy.
CISA remains committed to updating the Known Exploited Vulnerabilities Catalog with new vulnerabilities that meet its defined criteria.
This living list serves as a critical resource for understanding current threats and mitigating risks. Organizations are encouraged to consult the BOD 22-01 Fact Sheet for further details on managing these vulnerabilities.
#Cyber_Security_News #Vulnerability #Vulnerability_News #Windows #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
