
CISA Adds Fortinet and Microsoft Zero-Day to Known Exploited Vulnerabilities Catalog

Source: Zero-Day (cybersecuritynews.com)

Author: Balaji N

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day vulnerabilities affecting Fortinet FortiOS and Microsoft Windows’ Hyper-V NT Kernel Integration.

This action underscores the growing importance of proactive vulnerability management amidst increasing cyber threats.

CISA’s KEV catalog serves as the authoritative source for vulnerabilities that are actively exploited in the wild.

Organizations are urged to use this catalog as a key input to their vulnerability management prioritization framework to defend against exploitation attempts.

The newly added vulnerabilities highlight critical risks for both enterprise network infrastructure and virtualization environments, requiring immediate attention.

Fortinet FortiOS Authorization Bypass Vulnerability (CVE-2024-55591)
Fortinet FortiOS contains a critical authorization bypass vulnerability that could allow unauthenticated remote attackers to gain super-admin privileges by sending crafted requests to the Node.js WebSocket module.

Classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), this vulnerability poses a significant threat to enterprise network security, as it enables attackers to take full control over the system if exploited.

While its exploitation in ransomware campaigns is unknown at this time, organizations are advised to apply the mitigations provided by Fortinet or discontinue the use of vulnerable versions if no fix is available.

This vulnerability was added to the catalog on January 14, 2025, with a mitigation deadline of January 21, 2025.

Microsoft Windows Hyper-V Vulnerabilities
Microsoft's January 2025 Patch Tuesday security update addressed 159 vulnerabilities, among them 10 classified as critical Remote Code Execution (RCE) vulnerabilities and the following zero-day vulnerabilities.

Three separate vulnerabilities in Microsoft Windows Hyper-V NT Kernel Integration VSP have been flagged, all of which allow local attackers to escalate privileges to SYSTEM level.

CVE-2025-21333: Heap-based Buffer Overflow
A heap-based buffer overflow vulnerability in Hyper-V NT Kernel Integration VSP could allow an attacker to gain SYSTEM privileges.

Classified under CWE-122 (Heap-based Buffer Overflow), this vulnerability poses a critical security risk.

While its exploitation in ransomware campaigns is currently unknown, organizations are strongly advised to apply Microsoft’s mitigations or discontinue the use of affected product versions.

This vulnerability was added to the catalog on January 14, 2025, with a mitigation deadline of February 4, 2025.

CVE-2025-21334: Use-After-Free Vulnerability
A use-after-free vulnerability in the Hyper-V NT Kernel Integration VSP allows local attackers to execute code with SYSTEM privileges.

Identified as CWE-416 (Use After Free), this vulnerability represents a critical threat to system security.

Although its exploitation in ransomware campaigns is currently unknown, organizations are advised to follow Microsoft’s mitigation guidance or discontinue the use of the affected software if updates are unavailable.

This vulnerability was added to the catalog on January 14, 2025, with a mitigation deadline of February 4, 2025.

CVE-2025-21335: Use-After-Free Vulnerability (Identical to CVE-2025-21334)
This vulnerability is functionally identical to CVE-2025-21334 and could similarly allow SYSTEM privilege escalation through a use-after-free scenario in the Hyper-V NT Kernel Integration VSP.

Classified under CWE-416 (Use After Free), it poses a significant security risk.

While its exploitation in ransomware campaigns remains unknown, organizations are urged to apply the necessary patches or discontinue the use of affected software versions if fixes are unavailable.

This vulnerability was added to the catalog on January 14, 2025, with a mitigation deadline of February 4, 2025.

Urgent Action Required
CISA recommends that all organizations prioritize mitigation of vulnerabilities listed in the KEV catalog. Failure to do so can leave critical assets exposed to exploitation, increasing the likelihood of targeted attacks, data breaches, or ransomware incidents.

Organizations should:

  1. Review the KEV catalog at regular intervals to stay updated.
  2. Assess their systems for exposure to the listed vulnerabilities.
  3. Apply vendor-provided fixes or mitigations promptly.
  4. Discontinue use of vulnerable products if no updates or alternative protections are available.

The KEV catalog is accessible in CSV, JSON, JSON Schema, and print-friendly formats to aid organizations in integrating the data into their vulnerability management workflows.
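
A triage pass over the JSON format mentioned above, as an added example that is not part of the original article: it matches KEV entries against an asset inventory and orders them by mitigation deadline. The field names follow CISA's KEV JSON feed; the sample records are constructed from the values quoted in this article, and the inventory and `triage` function are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed, trimmed to the
# fields used below. IDs, CWEs and dates are the ones quoted in the article;
# the "product" strings are simplified assumptions.
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-21335", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2025-01-14", "dueDate": "2025-02-04",
     "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-416"]},
    {"cveID": "CVE-2024-55591", "vendorProject": "Fortinet", "product": "FortiOS",
     "dateAdded": "2025-01-14", "dueDate": "2025-01-21",
     "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-288"]},
    {"cveID": "CVE-2025-21333", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2025-01-14", "dueDate": "2025-02-04",
     "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-122"]},
    {"cveID": "CVE-2025-21334", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2025-01-14", "dueDate": "2025-02-04",
     "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-416"]},
]})

# Hypothetical asset inventory: lower-cased (vendor, product) pairs in use.
INVENTORY = {("fortinet", "fortios"), ("microsoft", "windows")}


def triage(kev_json, inventory, today):
    """Return inventory-matching KEV entries, earliest deadline first."""
    findings = []
    for v in json.loads(kev_json)["vulnerabilities"]:
        if (v["vendorProject"].lower(), v["product"].lower()) not in inventory:
            continue  # product not deployed here, nothing to remediate
        due = date.fromisoformat(v["dueDate"])
        days_left = (due - today).days
        findings.append({
            "cve": v["cveID"], "due": due, "days_left": days_left,
            "status": "OVERDUE" if days_left < 0 else "DUE",
            "ransomware": v.get("knownRansomwareCampaignUse", "Unknown"),
            "cwes": v.get("cwes", []),
        })
    return sorted(findings, key=lambda f: (f["due"], f["cve"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_KEV, INVENTORY, date(2025, 1, 25)):
        print(f"{f['cve']:<15} {f['status']:<8} due {f['due']} "
              f"({f['days_left']:+d} days) ransomware use: {f['ransomware']}")
```

To run it against the live catalog, replace `SAMPLE_KEV` with the downloaded JSON file's contents and `INVENTORY` with an export from the organization's asset database.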

For security professionals, these updates emphasize the critical need to maintain vigilance and quickly address vulnerabilities that pose an active threat to organizational systems. As always, the KEV catalog remains an indispensable resource for staying ahead of adversaries.




