Source URL: https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog
Source: Alerts
Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability
CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
AI Summary and Description: Yes
Summary: CISA has identified three critical vulnerabilities that pose significant risks to federal enterprises, emphasizing the need for timely remediation as outlined in the Binding Operational Directive 22-01. These vulnerabilities are critical for organizations to prioritize in their cybersecurity efforts.
Detailed Description:
CISA (Cybersecurity and Infrastructure Security Agency) has updated its Known Exploited Vulnerabilities Catalog by adding the following newly identified vulnerabilities that are currently being actively exploited:
– **CVE-2024-30088**: A TOCTOU (Time-of-check to Time-of-use) race condition vulnerability in Microsoft Windows Kernel.
– **CVE-2024-9680**: A use-after-free vulnerability in Mozilla Firefox.
– **CVE-2024-28987**: A hardcoded credential vulnerability in SolarWinds Web Help Desk.
These vulnerabilities are notable for the following reasons:
– **Active Exploitation**: The classification as ‘known exploited’ indicates that these vulnerabilities are not theoretical but are indeed being targeted in the wild by attackers, heightening the urgency for action.
– **Defense Implications**: CISA’s Binding Operational Directive (BOD) 22-01 outlines the necessity for federal agencies to address such vulnerabilities promptly. This directive establishes a framework for federal agencies to systematically remediate identified vulnerabilities to protect governmental networks and data.
– **Broader Recommendation**: While BOD 22-01 applies specifically to Federal Civilian Executive Branch agencies, CISA encourages all organizations to adopt similar practices. Prioritizing the patching of these vulnerabilities minimizes the risk of cyberattacks across the broader landscape, highlighting the importance of robust vulnerability management practices.
– **Living Catalog**: The Known Exploited Vulnerabilities Catalog evolves as CISA continues to identify and add vulnerabilities that meet strict criteria, which necessitates ongoing vigilance from organizations monitoring their security posture.
The implications of these developments are significant for security and compliance professionals. Organizations must take proactive steps to:
– Update and patch systems promptly upon notification of new vulnerabilities.
– Integrate vulnerability management with broader risk management and cybersecurity strategies.
– Establish monitoring and reporting mechanisms to stay informed about newly classified vulnerabilities.
– Implement training and awareness programs to educate staff about the importance of up-to-date systems and the risks associated with known vulnerabilities.
In summary, CISA’s updates highlight critical active vulnerabilities that must be addressed to strengthen overall cybersecurity resilience and compliance, particularly within federal networks but applicable to all organizational structures.