CISA Warns of Adobe & Windows Kernel Driver Exploited in Attacks


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog.

These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations.

Adobe ColdFusion Access Control Weakness (CVE-2024-20767)

One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access control.

– Advertisement –
SIEM as a Service

This flaw allows unauthorized attackers to read arbitrary files on a server running vulnerable versions of ColdFusion.

2024 MITRE ATT&CK Evaluation Results Released for SMEs & MSPs -> Download Free Guide

It is particularly concerning given ColdFusion’s widespread use in web application development, making organizations reliant on it vulnerable to data breaches and operational disruptions.

Adobe has released security updates to address this issue, and organizations using ColdFusion 2023 (Update 6 and earlier) or ColdFusion 2021 (Update 12 and earlier) are strongly urged to apply the latest patches immediately. Failing to do so could expose critical systems to exploitation.

Windows Kernel Privilege Escalation Flaw (CVE-2024-35250)

The second vulnerability, CVE-2024-35250, resides in the Windows Kernel-Mode Driver and involves an untrusted pointer dereference issue.

This flaw allows attackers to escalate privileges to SYSTEM level, enabling them to execute arbitrary code with full administrative rights.

The vulnerability affects various Windows versions, including Windows 11 and multiple Windows Server editions, making it a high-priority threat for enterprises.

Microsoft addressed this vulnerability in its June 2024 security updates, but proof-of-concept exploit code has since been released publicly. Organizations are advised to ensure their systems are fully updated to mitigate the risk of exploitation.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate these vulnerabilities by January 6, 2025, to protect federal networks against active threats.

While this directive is mandatory for federal agencies, CISA strongly recommends that private organizations also prioritize addressing these vulnerabilities as part of their cybersecurity strategies.

By implementing timely updates and maintaining robust vulnerability management practices, organizations can reduce their exposure to cyberattacks and strengthen their overall security posture.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free



Source link