Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

Source URL: https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog

Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
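The practice the alert urges, checking your own estate against the Catalog and working the affected systems in due-date order, can be automated against the public KEV JSON feed. The following is an added example and is not code from CISA or the alert: the field names follow the layout of the public KEV JSON feed (an assumption on my part), the feed record and the asset inventory are constructed sample data embedded inline (the due dates and the second CVE ID are placeholders, not real catalog values), and the helper names `load_kev` and `triage` are hypothetical.

```python
"""
Added example (not part of the CISA alert): triage a KEV-style catalog feed
against a local asset inventory and list affected hosts by remediation due date.
Field names follow the layout of CISA's public KEV JSON feed (assumption).
Every record and asset below is constructed sample data, not data from the alert.
"""
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed. CVE-2024-38094 is the entry
# named in the alert; the dates, required action and second entry are placeholders.
KEV_FEED_JSON = """
{
  "title": "Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-38094",
      "vendorProject": "Microsoft",
      "product": "SharePoint",
      "vulnerabilityName": "Microsoft SharePoint Deserialization Vulnerability",
      "dateAdded": "2024-10-22",
      "dueDate": "2024-11-12",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-0000-00001",
      "vendorProject": "ExampleVendor",
      "product": "ExampleProduct",
      "vulnerabilityName": "Placeholder entry",
      "dateAdded": "2024-01-05",
      "dueDate": "2024-01-26",
      "requiredAction": "Apply updates per vendor instructions.",
      "knownRansomwareCampaignUse": "Known"
    }
  ]
}
"""

# Constructed asset inventory: the CVEs a scanner reports for each host.
ASSET_INVENTORY = [
    {"host": "sp-web-01", "owner": "collab-team", "cves": ["CVE-2024-38094"]},
    {"host": "sp-web-02", "owner": "collab-team", "cves": ["CVE-2024-38094", "CVE-0000-00001"]},
    {"host": "db-01", "owner": "dba-team", "cves": ["CVE-0000-00002"]},  # not in the catalog
]


def load_kev(feed_json):
    """Parse the feed text and index its entries by CVE ID."""
    data = json.loads(feed_json)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def triage(kev_index, inventory, today_iso):
    """Return one row per (host, catalog CVE) pair, most urgent first:
    rows already past their due date come first, then by earliest due date."""
    today = date.fromisoformat(today_iso)
    rows = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev_index.get(cve)
            if entry is None:
                continue  # not in the catalog: handled under the normal patch cadence
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": asset["host"],
                "owner": asset["owner"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_left": (due - today).days,
                "overdue": due < today,
                "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
            })
    # Overdue rows sort first (False < True), then by due date, then host name.
    rows.sort(key=lambda r: (not r["overdue"], r["due"], r["host"]))
    return rows


def main():
    kev = load_kev(KEV_FEED_JSON)
    for r in triage(kev, ASSET_INVENTORY, "2024-11-01"):
        flag = "OVERDUE" if r["overdue"] else f'{r["days_left"]}d left'
        print(f'{r["host"]:10} {r["cve"]:16} {r["product"]:22} due {r["due"]} '
              f'({flag}) owner={r["owner"]} ransomware={r["ransomware"]}')


if __name__ == "__main__":
    main()
```

Pointing `load_kev` at the live feed instead of the embedded sample gives the same report for a real inventory; the `knownRansomwareCampaignUse` field is carried through because it is a useful second sort key when several entries share a due date.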

AI Summary and Description

Summary: The text discusses the recent addition of a Microsoft SharePoint vulnerability to CISA's Known Exploited Vulnerabilities Catalog, emphasizing the need for timely remediation to mitigate risks from cyber threats, particularly for federal agencies. This is of significant relevance to professionals in information security and compliance.

Detailed Description:

– The text details the inclusion of CVE-2024-38094, a deserialization vulnerability in Microsoft SharePoint, in CISA's Known Exploited Vulnerabilities Catalog.
– This addition reflects evidence of ongoing exploitation, indicating a need for organizations to take immediate action to protect their systems.
– The Binding Operational Directive (BOD) 22-01 focuses on reducing risks associated with known vulnerabilities and requires federal agencies to address these vulnerabilities in a timely manner.
– Although this directive applies specifically to Federal Civilian Executive Branch (FCEB) agencies, CISA encourages all organizations to adopt similar practices to safeguard against cyber threats.

Key points to consider:

– **Known Exploited Vulnerabilities Catalog**: A list maintained by CISA to provide organizations with necessary information about vulnerabilities actively being exploited in the wild.
– **CVE-2024-38094**: A critical vulnerability that may serve as an entry point for cyber attackers, stressing the urgency of remediation actions.
– **BOD 22-01 Requirements**: Mandates for FCEB agencies to remediate identified vulnerabilities, highlighting the significance of timely actions in maintaining security.
– **Recommendations for Organizations**: Emphasizes the broader applicability of BOD 22-01 principles by encouraging all organizations, not just federal ones, to prioritize vulnerability management.

This information serves as a crucial reminder for security professionals to continuously monitor and address vulnerabilities to defend their infrastructure against emerging threats effectively.