CISA Warns of Actively Exploited Flaws: CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551
In an urgent alert, the Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations of three actively exploited vulnerabilities that pose a significant threat to their networks. These vulnerabilities, tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551, have been observed in use by malicious actors to compromise systems and gain unauthorized access.
CVE-2023-36584: Bypassing Microsoft Windows Mark-of-the-Web (MOTW) Defenses
CVE-2023-36584 affects Microsoft Windows operating systems and allows attackers to bypass Mark-of-the-Web (MOTW) defenses. MOTW is a security feature that tags files downloaded from the internet so that Windows and applications can apply additional protections when they are opened. By exploiting this vulnerability, attackers can host malicious files on their own servers and trick users into downloading them, with the downloaded files evading those protections and potentially compromising the users' systems.
CVE-2023-1671: Command Injection in Sophos Web Appliance
CVE-2023-1671 is a command injection vulnerability affecting Sophos Web Appliance versions older than 4.3.10.4. It allows attackers to execute arbitrary code on vulnerable appliances, granting them complete control over the affected devices.
CVE-2023-2551: Unspecified Vulnerability in Oracle Fusion Middleware
CVE-2023-2551 affects Oracle Fusion Middleware and allows unauthenticated attackers with network access to compromise WebLogic Server. Because it can be exploited remotely without credentials, it is a particularly dangerous threat.
CISA Recommendations for Immediate Remediation
In light of the active exploitation of these vulnerabilities, CISA has issued an urgent recommendation for all federal agencies to apply the available patches by December 7, 2023. Organizations are also advised to follow these general guidelines to protect their networks:
- Regularly update software and firmware to the latest versions.
- Implement and maintain a strong patch management process.
- Enable and utilize security solutions, such as firewalls, intrusion detection systems, and endpoint protection software.
- Educate employees about cybersecurity best practices, including phishing scams and social engineering attacks.
- Regularly conduct vulnerability scans and penetration tests to identify and remediate security weaknesses.