
The US cybersecurity agency CISA has issued an alert on two critical vulnerabilities that have been added to its Known Exploited Vulnerabilities Catalog.

Organizations of all sizes remain exposed, as these vulnerabilities are still being actively targeted.

Adobe ColdFusion Incorrect Access Control (CVE-2024-20767): This Adobe ColdFusion vulnerability stems from a lack of proper access control, which may allow an attacker to reach parts of the system that they should not be able to access. Since ColdFusion is widely used for developing web applications, this is a severe threat to businesses.

Organizations that use Adobe ColdFusion should ensure that it is updated to the latest version to prevent data and system breaches.

Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250): This vulnerability exists in the Windows Kernel-Mode Driver and is an untrusted pointer dereference issue. An attacker who takes advantage of it could potentially execute code with SYSTEM privileges, opening the way for significant intrusion into the business network. These findings are concerning because they target the core of the Windows system.

Microsoft is anticipated to issue security patches to fix this problem or might have already done so. It is crucial for users to promptly install these updates to protect their systems from security breaches.  

Federal Civilian Executive Branch (FCEB) agencies are mandated by Binding Operational Directive (BOD) 22-01 to address these vulnerabilities by a specified deadline. This directive aims to ensure that federal networks are protected against active threats by minimizing exposure to these high-risk CVEs.

CISA actively encourages public and commercial entities to implement proactive vulnerability management techniques, even though BOD 22-01 only applies to government agencies. Organizations should give priority to quickly fixing vulnerabilities found in the Catalog to better protect themselves from attackers.  
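
One way to act on this prioritization, as an added example that is not from the original article or from CISA: cross-reference a software inventory against Catalog entries and rank the open findings by remediation due date. The inventory layout, the `kev_findings` helper and all dates are constructed for illustration; the field names (`cveID`, `vendorProject`, `product`, `dueDate`) follow the KEV JSON feed.

```python
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed. The dates are
# placeholders for the example, not the real catalog values.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-20767", "vendorProject": "Adobe",
   "product": "ColdFusion", "dueDate": "2000-01-22"},
  {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft",
   "product": "Windows", "dueDate": "2000-01-15"}
]}
""")

# Hypothetical inventory: installed software per host, plus the CVEs
# already remediated there (e.g. taken from patch-management records).
INVENTORY = [
    {"host": "web-01", "software": [("Adobe", "ColdFusion")], "patched": []},
    {"host": "ws-17", "software": [("Microsoft", "Windows")],
     "patched": ["CVE-2024-35250"]},
    {"host": "ws-18", "software": [("Microsoft", "Windows")], "patched": []},
    {"host": "db-02", "software": [("PostgreSQL", "PostgreSQL")], "patched": []},
]

def kev_findings(catalog, inventory, today):
    """Return unpatched KEV matches, earliest due date first."""
    index = {}
    for vuln in catalog["vulnerabilities"]:
        key = (vuln["vendorProject"].lower(), vuln["product"].lower())
        index.setdefault(key, []).append(vuln)
    findings = []
    for asset in inventory:
        for vendor, product in asset["software"]:
            # Name match only: a hit means "review this host", since the
            # affected version range still has to be checked.
            for vuln in index.get((vendor.lower(), product.lower()), []):
                if vuln["cveID"] in asset["patched"]:
                    continue
                due = date.fromisoformat(vuln["dueDate"])
                findings.append({"host": asset["host"], "cve": vuln["cveID"],
                                 "due": due, "days_left": (due - today).days,
                                 "overdue": today > due})
    return sorted(findings, key=lambda f: (f["due"], f["host"]))

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date(2000, 1, 20)):
        print(f["host"], f["cve"], f["due"], "OVERDUE" if f["overdue"] else "")
```
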

In a cyber world where threats are growing, this proactive approach is essential for guaranteeing the security of systems and data. To reduce these risks, regular software updates, timely patch applications, and awareness of new vulnerabilities are critical. 
