CISA Warns: Patch Now! Critical Windows and Adobe Flaws Under Active Attack
CISA has warned federal agencies to patch their systems against ongoing attacks exploiting a Windows kernel privilege-escalation vulnerability.
Tracked as CVE-2024-35250 (CVSS score: 7.8), the flaw is an untrusted pointer dereference (CWE-822) in the Microsoft Kernel Streaming Service driver (MSKSSRV.SYS). It lets a local, low-privileged attacker escalate to SYSTEM in a low-complexity attack that needs no user interaction. The bug was found and reported to Microsoft by researchers at DEVCORE.
The DEVCORE team used it at Pwn2Own Vancouver 2024 to escalate privileges on a fully patched Windows 11 system. Microsoft fixed the vulnerability in its June 2024 Patch Tuesday release, but working exploit code surfaced on GitHub four months later. Because the bug is local, it is a post-compromise step rather than an entry point: an attacker who already runs code as a standard user can use it to reach SYSTEM, which is why unpatched hosts are attractive to malware and intrusion operators that already have a foothold.
CISA has also added a second flaw to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-20767, an improper access control vulnerability in Adobe ColdFusion with a CVSS score of 7.4. Patched by Adobe in March 2024, it lets an unauthenticated remote attacker read arbitrary files on the server.
According to SecureLayer7, on ColdFusion servers whose administrator panel is reachable from the internet, that file read can be chained to bypass security measures and achieve arbitrary file writes. The Fofa search engine lists more than 145,000 ColdFusion servers reachable online, though how many of them expose the admin panel is unknown. Restricting the /CFIDE/administrator path to trusted networks, as Adobe's lockdown guidance has long recommended, removes the precondition for that chain even before the patch is applied.
Both vulnerabilities are flagged in the KEV catalog as actively exploited. Under Binding Operational Directive (BOD) 22-01, federal civilian agencies must remediate them within three weeks, by January 6, 2025. CISA noted that such vulnerabilities are frequent attack vectors and pose a significant risk to the federal enterprise. Although BOD 22-01 binds only federal agencies, CISA strongly urges private organizations to treat the KEV catalog as a priority list and remediate these two flaws immediately.
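The practical question after reading a KEV addition is which entries touch your own inventory and how long remains on the BOD 22-01 clock. The script below is an added example, not code from the article, CISA, or either vendor. It parses the KEV feed's published JSON layout (the field names cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse are CISA's), matches entries against a hypothetical inventory, and reports days to deadline. The embedded feed is a constructed offline sample built from the two entries described above, with the 16 December 2024 addition date and 6 January 2025 deadline implied by the article; the real feed is fetched only when run with --live.

```python
"""Triage CISA KEV entries against a product inventory.

Added example for this article; not CISA's or a vendor's code.
"""
import json
import sys
import urllib.request
from datetime import date

# Real location of CISA's JSON feed; used only with --live.
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")
BOD_22_01_WINDOW_DAYS = 21  # three weeks, the standard remediation window

# Constructed sample in the feed's layout (two entries from the article).
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 2,
    "vulnerabilities": [
        {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft",
         "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver "
                              "Untrusted Pointer Dereference Vulnerability",
         "dateAdded": "2024-12-16", "dueDate": "2025-01-06",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-20767", "vendorProject": "Adobe",
         "product": "ColdFusion",
         "vulnerabilityName": "Adobe ColdFusion Improper Access Control "
                              "Vulnerability",
         "dateAdded": "2024-12-16", "dueDate": "2025-01-06",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Hypothetical inventory: (vendor, product) pairs this environment runs.
INVENTORY = {("Microsoft", "Windows"), ("Adobe", "ColdFusion"),
             ("Apache", "Tomcat")}


def load_kev(feed_text):
    """Parse feed JSON and return the list of vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def in_inventory(entry, inventory):
    """Vendor must match exactly (case-insensitive); product matches as a
    substring because KEV product names vary ('Windows', 'Windows Kernel')."""
    vendor = entry["vendorProject"].lower()
    product = entry["product"].lower()
    return any(vendor == v.lower() and p.lower() in product
               for v, p in inventory)


def deadline_consistent(entry):
    """True when dueDate is exactly dateAdded + 21 days (the BOD 22-01 window)."""
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    return (due - added).days == BOD_22_01_WINDOW_DAYS


def triage(feed_text, inventory, today):
    """Return one row per matching KEV entry, most urgent first.

    `today` may be a date or an ISO string such as '2024-12-20'.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    rows = []
    for entry in load_kev(feed_text):
        if not in_inventory(entry, inventory):
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        if days_left < 0:
            status = "OVERDUE"
        elif days_left <= 7:
            status = "DUE SOON"
        else:
            status = "OPEN"
        rows.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": days_left,
            "status": status,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return sorted(rows, key=lambda r: r["days_left"])


def main(argv):
    if "--live" in argv:
        with urllib.request.urlopen(KEV_FEED_URL, timeout=30) as resp:
            feed_text = resp.read().decode("utf-8")
    else:
        feed_text = SAMPLE_FEED
    for row in triage(feed_text, INVENTORY, date.today()):
        print(f'{row["status"]:9} {row["cve"]:16} {row["product"]:22} '
              f'due {row["due"]} ({row["days_left"]:+d} days, '
              f'ransomware use: {row["ransomware"]})')


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run without arguments to see the two sample entries scored against today's date, or with --live to pull the full catalog; swap INVENTORY for whatever your asset system exports. The knownRansomwareCampaignUse column is worth keeping in the output because it is the catalog's own signal for which overdue items to escalate first.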