

Ethical Hacking News

U.S. CISA Adds Microsoft Windows Kernel, Mozilla Firefox, and SolarWinds Web Help Desk Bugs to Its Known Exploited Vulnerabilities Catalog: A Growing Concern for Cybersecurity


U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog, highlighting the growing concern for cybersecurity as new threats emerge.

  • The United States Cybersecurity and Infrastructure Security Agency (CISA) has added three new bugs to its Known Exploited Vulnerabilities (KEV) catalog; they pose a significant threat to cybersecurity.
  • A Microsoft Windows Kernel bug, Mozilla Firefox bug, and SolarWinds Web Help Desk software bug have been identified as having moderate to high levels of severity.
  • These bugs require specific expertise to exploit, but can still allow attackers to gain unauthorized access to sensitive systems if not addressed promptly.
  • Organizations are recommended to review the KEV catalog and address the vulnerabilities in their infrastructure as soon as possible using patched software and regular updates.
  • The U.S. government has also taken steps to address these vulnerabilities, with CISA ordering federal agencies to fix them by November 5, 2024.



    The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently added three new bugs to its Known Exploited Vulnerabilities (KEV) catalog. These bugs, one each in the Microsoft Windows Kernel, Mozilla Firefox, and SolarWinds Web Help Desk software, pose a significant threat to cybersecurity because attackers can exploit them to gain unauthorized access to sensitive systems.

    The Microsoft Windows Kernel bug, identified as CVE-2024-30088, is rated with a CVSS score of 7.0, indicating that it has a moderate level of severity. This vulnerability is described as a TOCTOU (time-of-check to time-of-use) race condition that can allow an attacker to gain SYSTEM privileges. Exploitation requires the attacker to win the race, which may be challenging without significant expertise.

    The Mozilla Firefox bug, identified as CVE-2024-9680, is rated with a CVSS score of 7.1, indicating that it has a moderate level of severity. This vulnerability is described as a use-after-free that can allow an attacker to achieve code execution in the content process.

    The SolarWinds Web Help Desk bug, identified as CVE-2024-28987, is rated with a CVSS score of 9.1, indicating that it has a high level of severity. This vulnerability is described as a hardcoded credential vulnerability and can allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.

    The addition of these bugs to the KEV catalog serves as a reminder of the ongoing threat landscape in cybersecurity. CISA's efforts to identify and address vulnerabilities are crucial in protecting against cyber threats, and it is essential for organizations and individuals to stay informed about known exploited vulnerabilities.

    In response to this development, experts recommend that private organizations review the KEV catalog and address the vulnerabilities in their infrastructure as soon as possible. The use of patched software and regular updates can help prevent exploitation of these bugs. Additionally, CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities requires federal agencies to address the identified vulnerabilities by the due date.

    The U.S. government has also taken steps to address these vulnerabilities, with CISA ordering federal agencies to fix them by November 5, 2024. This is a crucial reminder for organizations and individuals in the public sector to take immediate action to protect their networks against attacks exploiting these flaws.
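
    One way to carry out the catalog review described above, as an added example that is not part of the original article: match an asset inventory against KEV entries and rank unremediated findings by days left until the due date. The KEV excerpt is constructed (real feed field names; CVE IDs, products and due date taken from the article), and the inventory, host names and `remediated` field are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (real field names;
# only the CVE IDs, products and due date come from the article).
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft",
     "product": "Windows", "dueDate": "2024-11-05"},
    {"cveID": "CVE-2024-9680", "vendorProject": "Mozilla",
     "product": "Firefox", "dueDate": "2024-11-05"},
    {"cveID": "CVE-2024-28987", "vendorProject": "SolarWinds",
     "product": "Web Help Desk", "dueDate": "2024-11-05"},
]})

# Hypothetical asset inventory; "remediated" lists CVEs already patched.
INVENTORY = [
    {"host": "ws-014", "vendor": "Microsoft", "product": "Windows",
     "remediated": ["CVE-2024-30088"]},
    {"host": "ws-022", "vendor": "Mozilla", "product": "Firefox", "remediated": []},
    {"host": "helpdesk-01", "vendor": "SolarWinds", "product": "Web Help Desk",
     "remediated": []},
    {"host": "db-03", "vendor": "PostgreSQL", "product": "PostgreSQL", "remediated": []},
]

def load_kev(raw):
    """Index KEV entries by (vendor, product), case-insensitively."""
    index = {}
    for v in json.loads(raw)["vulnerabilities"]:
        key = (v["vendorProject"].lower(), v["product"].lower())
        index.setdefault(key, []).append((v["cveID"], date.fromisoformat(v["dueDate"])))
    return index

def triage(inventory, kev_index, today):
    """Return unremediated KEV findings, most urgent first."""
    findings = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for cve, due in kev_index.get(key, []):
            if cve in asset["remediated"]:
                continue  # already patched on this asset
            days_left = (due - today).days
            findings.append({"host": asset["host"], "cve": cve, "due": due.isoformat(),
                             "days_left": days_left,
                             "status": "OVERDUE" if days_left < 0 else "OPEN"})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for f in triage(INVENTORY, load_kev(KEV_SAMPLE), date(2024, 10, 16)):
        print(f"{f['status']:8} {f['host']:12} {f['cve']:15} due {f['due']} ({f['days_left']}d)")
```

    Exact vendor and product string matching is a simplification; real inventories usually need a normalisation step before they line up with the catalog's naming.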

    Furthermore, researchers and experts warn of the potential consequences of ignoring or delaying addressing known exploited vulnerabilities. In recent months, we have seen numerous high-profile incidents of cyberattacks that could have been prevented with proper patching and vulnerability management.

    The importance of staying informed about known exploited vulnerabilities cannot be overstated. As new bugs are identified and added to the KEV catalog, it is essential for organizations and individuals to take proactive steps to protect themselves against these threats.

    In conclusion, the recent addition of Microsoft Windows Kernel, Mozilla Firefox, and SolarWinds Web Help Desk bugs to the Known Exploited Vulnerabilities catalog serves as a reminder of the ongoing threat landscape in cybersecurity. It is crucial for organizations and individuals to stay informed about known exploited vulnerabilities and take immediate action to address them.




    Related Information:

  • https://securityaffairs.com/169882/hacking/u-s-cisa-microsoft-windows-kernel-mozilla-firefox-solarwinds-web-help-desk-bugs-known-exploited-vulnerabilities-catalog.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-30088

  • https://www.cvedetails.com/cve/CVE-2024-30088/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9680

  • https://www.cvedetails.com/cve/CVE-2024-9680/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-28987

  • https://www.cvedetails.com/cve/CVE-2024-28987/


  • Published: Wed Oct 16 12:50:55 2024 by llama3.2 3B Q4_K_M













         

