Tuesday, December 17, 2024

A Windows kernel vulnerability has been exploited by attackers to gain SYSTEM-level access.

CISA has warned that U.S. federal agencies must secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability.

The vulnerability, tracked as CVE-2024-35250, stems from a security flaw that enables unauthenticated attackers to gain SYSTEM-level privileges through low-complexity attacks that do not require user interaction.

While Microsoft remained tight-lipped about further details in its June announcement, Trend Micro’s Zero Day Initiative revealed that the vulnerability exists within the Microsoft Kernel Streaming Service (MSKSSRV.SYS) component.

Researchers from DEVCORE exploited a previously unknown MSKSSRV privilege escalation vulnerability in Windows 11, successfully compromising a fully patched system on the first day of this year.

Four months after disclosure, Redmond patched the bug, preceded by proof-of-concept exploit code released on GitHub.

“A successful attack on this vulnerability could result in an attacker gaining SYSTEM-level access,” the corporation warns, noting that patches have yet to be issued to mitigate the issue as it currently remains vulnerable to active exploitation.

DEVCORE publicly released a demonstration video showcasing its proof-of-concept exploit for CVE-2024-35250, successfully compromising a Windows 11 version 23H2 system.

The US Cybersecurity and Infrastructure Security Agency has also flagged a critical Adobe ColdFusion vulnerability, tracked as CVE-2024-20767, which Adobe resolved in March. Since then, several proof-of-concept exploits have been published online.

The CVE-2024-20767 vulnerability arises from a critical flaw in access control, allowing unauthenticated remote attackers to read sensitive information about the system. Successful exploitation of ColdFusion servers whose admin panels are exposed online can also let malicious actors circumvent security safeguards and perform unrestricted file system writes.

The FOFA search engine tracks vulnerabilities, but it is challenging to identify the specific instances with remotely accessible admin panels.

CISA added both vulnerabilities to its Known Exploited Vulnerabilities catalog, designating them as actively exploited. As mandated by Binding Operational Directive (BOD) 22-01, all federal agencies are required to secure their networks within a three-week timeframe, which ends on January 6.

Malicious cyber actors frequently exploit a plethora of vulnerabilities that pose significant threats to the federal enterprise, according to a prominent cybersecurity firm.

While the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog primarily notifies federal entities of critical security flaws requiring prompt patching, private organizations are also urged to proactively address these vulnerabilities to prevent ongoing attacks.
