The US cyber security authority CISA has added further entries to its vulnerability catalog. It warns of the Adobe ColdFusion vulnerability CVE-2024-20767, the Windows kernel vulnerability CVE-2024-35250 and vulnerabilities in the Cleo software. The vulnerabilities are known to be exploited.
I recently came across the warning via the following tweet. However, I was already aware of some of the vulnerabilities listed in the Exploited Vulnerabilities Catalog two weeks ago.
Windows kernel vulnerability (CVE-2024-35250)
Security researchers from Devcore published an article, Streaming vulnerabilities from Windows Kernel – Proxying to Kernel – Part I, on various vulnerabilities on August 23, 2024. These include the vulnerability CVE-2024-35250, which Microsoft closed in June 2024 through security updates. Microsoft classified the vulnerability as important with a CVSS 3.1 score of 7.8, but considered its exploitability to be "unlikely".
As far as I know, Microsoft has never published more information about the vulnerability. Devcore states that it is a Windows Kernel-Mode Driver Elevation of Privilege vulnerability in ks.sys (MSKSSRV is also involved), which could be used by attackers to gain SYSTEM privileges. The CISA warning added on December 16, 2024 now means that this vulnerability is being exploited in attacks. Bleeping Computer has compiled some more information here.
Adobe ColdFusion vulnerability CVE-2024-20767
The vulnerability CVE-2024-20767 in Adobe ColdFusion is an access control weakness. It could allow an attacker to reach an admin panel that is exposed to the Internet and view or modify restricted files.
Cleo Harmony vulnerabilities
According to CISA, several vulnerabilities in Cleo Harmony, VLTrader and LexiCom have also been added to the catalog. Bleeping Computer has discussed this here. Cleo Harmony is file exchange software. On December 10, 2024, Bleeping Computer had already reported a vulnerability in Cleo Harmony that is also being exploited. The Clop ransomware group claimed to be exploiting the vulnerability to steal data (see). Cleo has since patched the vulnerability. Anyone using the above-mentioned products should therefore update them.
CISA requires Microsoft 365 tenants to be secured
I also saw from my colleagues at Bleeping Computer that US CISA is requiring agencies to secure Microsoft 365 tenants. BOD 25-01, according to Bleeping Computer, requires FCEB agencies to use the automated configuration assessment tools developed by CISA (ScubaGear for Microsoft 365 audits). This gives the cybersecurity authority a continuous monitoring infrastructure, and any deviations from secure configurations are to be remediated within predefined timeframes.