The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizations to address these risks promptly.
The vulnerabilities in question—CVE-2024-30088, CVE-2024-9680, and CVE-2024-28987—are actively exploited by malicious cyber actors and pose substantial threats to federal and private sector entities alike.
Understanding the Newly Added Known Exploited Vulnerabilities (KEV)
The three newly added vulnerabilities include CVE-2024-30088, a race condition vulnerability within the Microsoft Windows kernel. Successful exploitation of this flaw lets an attacker gain SYSTEM privileges, which is why it poses significant risk.
Another critical vulnerability is CVE-2024-9680, a use-after-free flaw identified in both Mozilla Firefox and Thunderbird. This vulnerability allows attackers to execute arbitrary code, making it a serious concern for users of these applications.
Lastly, CVE-2024-28987 highlights a hardcoded credential vulnerability in SolarWinds Web Help Desk (WHD). This issue enables remote unauthenticated users to access internal functionalities and modify data.
CVE-2024-28987: Hardcoded Credential Vulnerability
The first vulnerability, CVE-2024-28987, impacts the SolarWinds Web Help Desk software, particularly version 12.8.3 HF1 and earlier. Classified as critical with a CVSS score of 9.1, this vulnerability enables remote unauthenticated users to access internal functionalities and alter data due to hardcoded credentials embedded within the software. Publicly available proof-of-concept exploits further underscore its severity. Notably, Cyble’s ODIN scanner has detected around 920 internet-facing instances of SolarWinds WHD, with the majority located in the United States.
CVE-2024-9680: Use-After-Free Vulnerability
CVE-2024-9680 affects multiple versions of Firefox and Thunderbird, with a staggering CVSS score of 9.8. This vulnerability stems from a use-after-free flaw in animation timelines, allowing attackers to execute arbitrary code. Mozilla has acknowledged reports of this vulnerability being actively exploited in the wild, highlighting the urgency for immediate remediation.
CVE-2024-30088: Windows Kernel Race Condition
The third vulnerability, CVE-2024-30088, poses a high severity threat, scoring 7.0 on the CVSS scale. This vulnerability affects various Windows products, including Windows Server 2016, Windows 10, and Windows 11. Exploiting a race condition in the Windows kernel, it allows attackers to gain SYSTEM privileges.
The Importance of Remediation
CISA’s Binding Operational Directive (BOD) 22-01 establishes a structured approach for federal agencies to manage known exploited vulnerabilities effectively. This directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by specified due dates to safeguard their networks against active threats. While BOD 22-01 applies primarily to federal agencies, CISA strongly encourages all organizations to prioritize the timely remediation of vulnerabilities in the KEV catalog.
Organizations that fail to act on these vulnerabilities face significant risks, including potential data breaches, ransomware attacks, and the escalation of privileges that could lead to severe consequences.
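As an added example (not part of the article, nor tooling from CISA or any vendor named above), the following Python script shows how a defender can turn the KEV feed into a BOD 22-01 style work queue: it matches catalog entries against an asset inventory and ranks findings by days remaining to the due date, overdue items first. The KEV feed and the inventory are constructed samples with placeholder dates and hypothetical hostnames, and the vendor/product matching is a deliberately loose substring test.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (same field names); the
# dates are placeholders, not the catalog's real dateAdded/dueDate values.
SAMPLE_KEV = """{"title": "KEV sample", "vulnerabilities": [
 {"cveID": "CVE-2024-28987", "vendorProject": "SolarWinds", "product": "Web Help Desk",
  "dateAdded": "2024-10-15", "dueDate": "2024-11-05"},
 {"cveID": "CVE-2024-9680", "vendorProject": "Mozilla", "product": "Firefox",
  "dateAdded": "2024-10-15", "dueDate": "2024-11-05"},
 {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft", "product": "Windows",
  "dateAdded": "2024-10-15", "dueDate": "2024-11-12"}]}"""

# Constructed asset inventory (hypothetical hosts).
INVENTORY = [
    {"host": "helpdesk-01", "vendor": "SolarWinds", "product": "Web Help Desk"},
    {"host": "ws-042", "vendor": "Microsoft", "product": "Windows 11"},
    {"host": "fileserver", "vendor": "Microsoft", "product": "Windows Server 2016"},
    {"host": "kiosk-7", "vendor": "Mozilla", "product": "Firefox"},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL"},
]


def load_kev(kev_json: str) -> list:
    """Parse a KEV-shaped feed and return its 'vulnerabilities' entries."""
    return json.loads(kev_json)["vulnerabilities"]


def match_inventory(entries, inventory):
    """Yield (entry, asset) pairs whose vendor and product match case-insensitively.
    The substring test is loose on purpose: a KEV 'Windows' entry must also
    catch assets inventoried as 'Windows 11' or 'Windows Server 2016'."""
    for entry in entries:
        vendor, product = entry["vendorProject"].lower(), entry["product"].lower()
        for asset in inventory:
            if vendor in asset["vendor"].lower() and product in asset["product"].lower():
                yield entry, asset


def triage(kev_json: str, inventory, today: date) -> list:
    """Return one finding per (CVE, host), most urgent first.
    days_left < 0 means the BOD 22-01 due date has already passed."""
    findings = []
    for entry, asset in match_inventory(load_kev(kev_json), inventory):
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        findings.append({"cveID": entry["cveID"], "host": asset["host"],
                         "dueDate": entry["dueDate"], "days_left": days_left,
                         "status": "OVERDUE" if days_left < 0 else "DUE"})
    findings.sort(key=lambda f: (f["days_left"], f["cveID"]))  # stable sort
    return findings
```

Run `triage(SAMPLE_KEV, INVENTORY, date.today())` against a real KEV download and your own inventory to get the same ranking for live data.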
Conclusion
To effectively mitigate the risks posed by the newly identified vulnerabilities, organizations should take immediate action. First, they must apply the latest patches from official vendors across all systems and establish a routine update schedule, prioritizing critical patches. Implementing network segmentation will help isolate sensitive assets from less secure areas, reducing risk.
Organizations should also develop an incident response plan that includes procedures for detecting and recovering from security incidents, with regular testing to ensure its effectiveness. Comprehensive monitoring and logging solutions, along with Security Information and Event Management (SIEM) systems, are essential for real-time threat detection. Additionally, proactively addressing End-of-Life (EOL) products is crucial for minimizing risk.