The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities being actively exploited by malicious actors. These flaws, impacting both Microsoft Windows and Adobe ColdFusion, can cause significant damage if left unaddressed.
Windows Kernel Vulnerability Grants Attackers System Control
The first vulnerability, tracked as CVE-2024-35250, resides in the Windows Kernel-Mode Drivers. This flaw, with a CVSS score of 7.8, allows attackers to escalate privileges and gain complete control of a system. Exploitation is achieved by manipulating the IOCTL_KS_PROPERTY request in Kernel Streaming (ks.sys). The vulnerability was initially brought to light during the Pwn2Own Vancouver 2024 competition, where security researcher Angelboy (@scwuaptx) demonstrated its potential for malicious use. Adding to the concern, Proof of Concept (PoC) exploit code has been released, making it easier for attackers to leverage this vulnerability.
Adobe ColdFusion Flaw Exposes Sensitive Data
The second vulnerability, CVE-2024-20767, affects Adobe ColdFusion. This critical flaw stems from improper access control, allowing unauthenticated, remote attackers to read sensitive files, including system files. Furthermore, attackers can exploit this vulnerability to bypass security measures and perform arbitrary file system writes, potentially leading to complete system compromise. The vulnerability has been actively exploited since March 2024, with multiple PoC exploits circulating online.
CISA Mandates Urgent Action
CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the immediate need for action. Federal Civilian Executive Branch (FCEB) agencies are mandated to patch these vulnerabilities by January 6, 2025. However, CISA strongly recommends that all organizations prioritize patching these flaws as soon as possible to protect their systems from potential attacks.