CISA Warns of Three Vulnerabilities Actively Exploited in the Wild


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three critical vulnerabilities that are currently being exploited in the wild.

These vulnerabilities affect widely used software products from Microsoft, Mozilla, and SolarWinds, posing significant security risks to organizations and individuals.

CVE-2024-30088: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

The first vulnerability, identified as CVE-2024-30088, is a time-of-check to time-of-use (TOCTOU) race condition in the Microsoft Windows Kernel.

This flaw could allow attackers to escalate privileges on a compromised system. While it is unknown whether this vulnerability is being used in ransomware campaigns, the risk of exploitation remains high.

Users are advised to apply mitigations according to Microsoft’s instructions or discontinue using the affected product if no mitigations are available. The deadline for addressing this vulnerability is November 5, 2024.

CVE-2024-9680: Mozilla Firefox Use-After-Free Vulnerability

The second vulnerability, CVE-2024-9680, affects Mozilla Firefox and Firefox ESR. It involves a use-after-free vulnerability in animation timelines that could enable attackers to execute arbitrary code within the content process.

As with the Microsoft vulnerability, it is unclear whether this flaw is being leveraged in ransomware attacks.

Mozilla users should implement vendor-recommended mitigations or cease using the affected versions of Firefox if no solutions are provided. The due date for remediation is also set for November 5, 2024.

CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability

The third vulnerability, CVE-2024-28987, impacts SolarWinds Web Help Desk. This issue involves hardcoded credentials that could permit remote, unauthenticated users to access internal functionalities and alter data.

Although there is no current evidence of its use in ransomware campaigns, the potential for exploitation is concerning.

Organizations using SolarWinds Web Help Desk should follow vendor instructions for mitigation, or discontinue use if no fixes are available, by November 5, 2024.

CISA’s alert underscores the importance of timely patching and mitigation to protect systems from these vulnerabilities. Organizations are urged to prioritize these updates to safeguard their networks against potential attacks.

As cyber threats evolve, vigilance and proactive security measures remain crucial in defending against exploitation.
