Windows Kernel Vulnerability Actively Exploited in Attacks to Gain System Access

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its catalog of known exploited vulnerabilities, including a Windows kernel vulnerability that is actively being used in attacks.

This update follows verified evidence of active exploitation of these vulnerabilities, highlighting the ongoing risk they pose to cybersecurity.

🛡️ We added #Adobe ColdFusion and #Microsoft #Windows kernel vulnerabilities CVE-2024-20767 and CVE-2024-35250 to our catalog of known exploited vulnerabilities. Visit https://t.co/myxOwap1Tf and apply mitigations to protect your organization from cyberattacks. #Cybersecurity #InfoSec pic.twitter.com/cFXLQbKQ0i

— CISA Cyber (@CISACyber) December 16, 2024

CVE-2024-35250: Discovered in a Microsoft Windows kernel-mode driver, this vulnerability is characterized by an untrusted pointer dereference.

Such issues can cause a system to crash or allow an attacker to execute arbitrary code, making them a significant concern for security professionals.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” Microsoft fixed the vulnerability in its recent December Patch Tuesday release.

Microsoft provided limited details in a security advisory released in June; however, the DEVCORE research team, which discovered the vulnerability and reported it to Microsoft through Trend Micro’s Zero Day Program, identified the affected system component as the Microsoft Kernel Streaming Service (MSKSSRV.SYS).

CVE-2024-20767: This vulnerability affects Adobe ColdFusion and involves improper access control. Attackers can exploit this vulnerability to obtain sensitive information or unauthorized access to the system, posing a significant threat to network security.

These vulnerabilities are frequently used as attack vectors by malicious cyber actors and pose a significant risk to federal systems.

In response, CISA’s Binding Operational Directive (BOD) 22-01, entitled “Mitigating Significant Risk of Known Exploited Vulnerabilities,” requires Federal Civilian Executive Branch (FCEB) agencies to fix the vulnerabilities within a specified deadline.

CISA added: “These types of vulnerabilities are frequent attack vectors used by malicious cyber actors and pose a significant risk to federal enterprises.”

While BOD 22-01 is specifically directed to FCEB agencies, CISA strongly recommends that all organizations take proactive steps to limit their risk of cyberattack.

Organizations can strengthen their overall cybersecurity posture by prioritizing the timely remediation of these cataloged vulnerabilities. This practice is an important component of a strong vulnerability management strategy.

CISA continues to update its catalog of known exploited vulnerabilities with new vulnerabilities that meet its defined criteria.

This dynamic list is a great resource for understanding current threats and reducing risk. Organizations are advised to review the BOD 22-01 fact sheet for more details on managing these vulnerabilities.
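One way to put the catalog to work in a vulnerability management process, as an added example that is not from the article or from CISA: match open scanner findings against catalog entries and rank them by remediation due date. The field names follow the catalog's JSON feed; the due dates, hostnames, findings and the `triage` helper are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. CVE IDs and dateAdded
# come from the article; the dueDate values are placeholders, not CISA's.
SAMPLE_KEV = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft", "product": "Windows",
  "dateAdded": "2024-12-16", "dueDate": "2025-01-15"},
 {"cveID": "CVE-2024-20767", "vendorProject": "Adobe", "product": "ColdFusion",
  "dateAdded": "2024-12-16", "dueDate": "2025-01-15"}]}""")

# Constructed scanner output: (hostname, CVE) pairs that are still unpatched.
SAMPLE_FINDINGS = [
    ("ws-014", "cve-2024-35250"),    # lower case on purpose
    ("cf-app-01", "CVE-2024-20767"),
    ("ws-014", "CVE-0000-00000"),    # placeholder ID, not in the catalog
]


def index_catalog(catalog):
    """Map upper-cased CVE ID -> catalog entry."""
    return {v["cveID"].upper(): v for v in catalog.get("vulnerabilities", [])}


def triage(catalog, findings, today):
    """Return KEV-listed findings, most urgent first, with days until due."""
    kev = index_catalog(catalog)
    rows = []
    for host, cve in findings:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue  # not in the catalog; left to the normal patch cadence
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({
            "host": host,
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "days_left": days_left,
            "status": "OVERDUE" if days_left < 0 else "DUE",
        })
    return sorted(rows, key=lambda r: (r["days_left"], r["host"]))


if __name__ == "__main__":
    for row in triage(SAMPLE_KEV, SAMPLE_FINDINGS, date(2025, 1, 20)):
        print(row)
```

In practice the catalog argument would be the downloaded feed and the findings would come from the organization's scanner export.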
