CISA Warns of Adobe & Windows Kernel Driver Vulnerabilities Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog.

These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations.

Adobe ColdFusion Access Control Weakness (CVE-2024-20767)

One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access control.

This flaw allows unauthorized attackers to read arbitrary files on a server running vulnerable versions of ColdFusion.

2024 MITRE ATT&CK Evaluation Results Released for SMEs & MSPs -> Download Free Guide

It is particularly concerning given ColdFusion’s widespread use in web application development, making organizations reliant on it vulnerable to data breaches and operational disruptions.

Adobe has released security updates to address this issue, and organizations using ColdFusion 2023 (Update 6 and earlier) or ColdFusion 2021 (Update 12 and earlier) are strongly urged to apply the latest patches immediately. Failing to do so could expose critical systems to exploitation.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise” CISA added.

Windows Kernel Privilege Escalation Flaw (CVE-2024-35250)

The second vulnerability, CVE-2024-35250, resides in the Windows Kernel-Mode Driver and involves an untrusted pointer dereference issue.

This flaw allows attackers to escalate privileges to SYSTEM level, enabling them to execute arbitrary code with full administrative rights.

The vulnerability affects various Windows versions, including Windows 11 and multiple Windows Server editions, making it a high-priority threat for enterprises.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” Microsoft fixed the vulnerability in the recent December patch Tuesday release.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate these vulnerabilities by January 6, 2025, to protect federal networks against active threats.

While this directive is mandatory for federal agencies, CISA strongly recommends that private organizations also prioritize addressing these vulnerabilities as part of their cybersecurity strategies.

By implementing timely updates and maintaining robust vulnerability management practices, organizations can reduce their exposure to cyberattacks and strengthen their overall security posture.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free