{"id":36733,"date":"2024-12-30T10:21:58","date_gmt":"2024-12-30T09:21:58","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=36733"},"modified":"2024-12-30T10:21:58","modified_gmt":"2024-12-30T09:21:58","slug":"cisa-warnings-vulnerabilities-in-windows-kernel-cleo-etc","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/12\/30\/cisa-warnings-vulnerabilities-in-windows-kernel-cleo-etc\/","title":{"rendered":"CISA warnings: Vulnerabilities in Windows Kernel, Cleo etc"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/12\/20\/cisa-warn-vor-windows-kernel-schwachstellen-cve-2024-20767-cve-2024-35250\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]The US cyber security authority CISA has added further entries to its vulnerability catalog. It warns of the Adobe ColdFusion vulnerability CVE-2024-20767, the Windows kernel vulnerability CVE-2024-35250 and vulnerabilities in the Cleo software. The vulnerabilities are known to be exploited.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg02.met.vgwort.de\/na\/e631137584c34fcba88fb2c44bbc711d\" alt=\"\" width=\"1\" height=\"1\" \/>I recently came across the warning via the following tweet. 
However, I was already aware of some of the vulnerabilities listed in the <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">Exploited Vulnerabilities Catalog<\/a> two weeks ago.<\/p>\n<p><a href=\"https:\/\/x.com\/CISACyber\/status\/1868687737827598464\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/i.postimg.cc\/DyMjXL28\/image.png\" alt=\"Windows vulnerabilities\" width=\"554\" height=\"505\" \/><\/a><\/p>\n<h2>Windows kernel vulnerability (CVE-2024-35250)<\/h2>\n<p>Security researchers from Devcore published an article <a href=\"https:\/\/devco.re\/blog\/2024\/08\/23\/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en\/\" target=\"_blank\" rel=\"noopener\">Streaming vulnerabilities from Windows Kernel &#8211; Proxying to Kernel &#8211; Part I<\/a> on various vulnerabilities on August 23, 2024. These include the vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-35250\" target=\"_blank\" rel=\"noopener\">CVE-2024-35250<\/a>, which Microsoft patched with the June 2024 security updates. Microsoft classified the vulnerability as important with a CVSS 3.1 score of 7.8, but considered its exploitability to be \"unlikely\".<\/p>\n<p>As far as I know, Microsoft has never published more information about the vulnerability. Devcore states that it is a Windows Kernel-Mode Driver Elevation of Privilege vulnerability in ks.sys (MSKSSRV is also involved), which could be used by attackers to gain SYSTEM privileges. The <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/12\/16\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">CISA warning<\/a> added on December 16, 2024 confirms that this vulnerability is being exploited in attacks. 
Bleeping Computer has compiled some more information <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<h2>Adobe ColdFusion vulnerability CVE-2024-20767<\/h2>\n<p>The vulnerability CVE-2024-20767 in Adobe ColdFusion is an access control weakness. It could allow an attacker to reach an admin panel that is exposed to the Internet and view or modify restricted files.<\/p>\n<h2>Cleo Harmony vulnerabilities<\/h2>\n<p>According to CISA, several vulnerabilities in Cleo Harmony, VLTrader and LexiCom have also been added to the catalog. Bleeping Computer has discussed this <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-confirms-critical-cleo-bug-exploitation-in-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener\">here<\/a>. Cleo Harmony is file transfer software. Already on December 10, 2024, Bleeping Computer had <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks\/\" target=\"_blank\" rel=\"noopener\">reported<\/a> a vulnerability in Cleo Harmony, which is also being exploited. The Clop ransomware group claimed to be exploiting the vulnerability to steal data (<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks\/\" target=\"_blank\" rel=\"noopener\">see<\/a>). Cleo has since patched the vulnerability. Anyone using the above-mentioned products should therefore update them.<\/p>\n<h2>CISA requires Microsoft 365 tenants to be secured<\/h2>\n<p>I also <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-orders-federal-agencies-to-secure-microsoft-365-tenants\/\" target=\"_blank\" rel=\"noopener\">saw<\/a> from my colleagues at Bleeping Computer that US CISA is requiring agencies to secure Microsoft 365 tenants. 
BOD 25-01, according to Bleeping Computer, requires FCEB agencies to utilize the automated configuration assessment tools developed by CISA (ScubaGear for Microsoft 365 audits). This gives the cybersecurity authority a continuous monitoring infrastructure, and any deviations from the secure configurations are to be remediated within predefined timeframes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The US cyber security authority CISA has added further entries to its vulnerability catalog. It warns of the Adobe ColdFusion vulnerability CVE-2024-20767, the Windows kernel vulnerability CVE-2024-35250 and vulnerabilities in the Cleo software. The vulnerabilities are known to be exploited.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-36733","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=36733"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36733\/revisions"}],"predecessor-version":[{"id":36734,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36733\/revisions\/36734"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=36733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=36733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=36733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}