CISA orders Windows security updates before October 1
Following the release of Microsoft's Patch Tuesday security updates, and the Exploit Wednesday that tends to follow it, this is no time to become complacent. The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered that three Windows vulnerabilities be patched by October 1. The order is binding only on federal civilian executive branch agencies (under Binding Operational Directive 22-01), but CISA strongly advises all organizations to use its Known Exploited Vulnerabilities (KEV) catalog to track active threats and prioritize their vulnerability management. Every entry in the catalog is a vulnerability that attackers are already exploiting in the wild, so the urgency applies to everyone, not just the agencies the directive covers.
CISA has added four Microsoft vulnerabilities to the KEV catalog: one affecting Microsoft Publisher and three specific to Windows.
The CISA announcement provides details on each of them.
CVE-2024-38014 is a Windows Installer elevation-of-privilege flaw. Satnam Narang, senior staff research engineer at Tenable, explained that it is used after an initial compromise: once an attacker has a foothold on a system, exploiting this vulnerability lets them elevate their privileges. The initial access can come from any number of routes, including other vulnerabilities, spear phishing, or brute-force attacks.
CVE-2024-38217, a Mark of the Web security feature bypass, is the one that raises the most concern. I have covered it in some detail here, where Saeed Abbasi, manager of vulnerability research at the Qualys Threat Research Unit, said that it defeats the security warnings that would normally alert users to the dangers of opening files from untrusted sources, a tactic commonly leveraged in ransomware attacks.
I have also looked into CVE-2024-43491, the Windows Update remote code execution vulnerability. Although it affects only a small slice of Windows 10 users (systems running Windows 10 version 1507, which is still serviced in its Enterprise 2015 LTSB and IoT Enterprise 2015 LTSB editions), its severity is critical, with a CVSS score of 9.8 out of 10. On those systems the servicing stack rolled back fixes for certain optional components, so vulnerabilities that had been patched were quietly reintroduced. Kev Breen, senior director of threat research at Immersive Labs, notes that as a result those older vulnerabilities can still be exploited even when Windows Update reports the machine as fully patched. Remediation means installing the September 2024 servicing stack update followed by the September 2024 security update, in that order.
CISA strongly advises all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of cataloged vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities that meet its specified criteria to the catalog, as it stated in its concluding remarks.
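Acting on the advice above means more than reading the announcement: it means regularly pulling the KEV feed and surfacing the entries that match what you run and whose deadline is close or already past. The script below is an added example written for this article, not code from CISA or from any product mentioned here. It uses the public JSON feed's real field names (cveID, vendorProject, product, vulnerabilityName, dueDate, knownRansomwareCampaignUse) but runs offline against a constructed sample that mirrors the four September 10, 2024 additions discussed above; the descriptions in the sample are paraphrased, not CISA's wording, and the `triage` function, the product list and the 21-day horizon are this example's own choices.

```python
import json
from datetime import date, timedelta
from urllib.request import urlopen

# Live feed, fetched only when fetch_kev() is called explicitly.
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the KEV feed's schema (not CISA's published text).
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2024.09.10",
    "dateReleased": "2024-09-10T14:00:00.0000Z",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2024-38014", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Installer Privilege Escalation Vulnerability",
         "dateAdded": "2024-09-10", "shortDescription": "Windows Installer allows a local attacker to gain SYSTEM.",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
         "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2024-38217", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability",
         "dateAdded": "2024-09-10", "shortDescription": "Crafted files evade the Mark of the Web warning.",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
         "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2024-43491", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Update Remote Code Execution Vulnerability",
         "dateAdded": "2024-09-10", "shortDescription": "Servicing stack rolled back fixes on Windows 10 version 1507.",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
         "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2024-38226", "vendorProject": "Microsoft", "product": "Publisher",
         "vulnerabilityName": "Microsoft Publisher Security Feature Bypass Vulnerability",
         "dateAdded": "2024-09-10", "shortDescription": "Office macro policies can be bypassed via a crafted Publisher file.",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
         "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})


def load_kev(raw):
    """Parse a KEV feed document and return its list of vulnerability entries."""
    return json.loads(raw)["vulnerabilities"]


def fetch_kev(timeout=30):
    """Download the live catalog (network access required)."""
    with urlopen(KEV_URL, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def triage(entries, today, products, vendor="Microsoft", within_days=21):
    """Return the catalog entries for `vendor` whose product is in `products` and
    whose remediation deadline falls within `within_days` of `today` or has
    already passed. Results are sorted earliest deadline first; negative
    daysLeft means the entry is overdue."""
    horizon = today + timedelta(days=within_days)
    hits = []
    for v in entries:
        if v["vendorProject"] != vendor or v["product"] not in products:
            continue
        due = date.fromisoformat(v["dueDate"])
        if due > horizon:
            continue
        hits.append({
            "cveID": v["cveID"],
            "product": v["product"],
            "name": v["vulnerabilityName"],
            "dueDate": due,
            "daysLeft": (due - today).days,
            "ransomware": v["knownRansomwareCampaignUse"],
        })
    hits.sort(key=lambda h: (h["dueDate"], h["cveID"]))
    return hits


def report(hits):
    """Render triage results as one line per entry, suitable for a ticket or a daily mail."""
    lines = []
    for h in hits:
        state = "OVERDUE" if h["daysLeft"] < 0 else f"{h['daysLeft']}d left"
        lines.append(f"{h['cveID']:16} {h['product']:10} due {h['dueDate']} ({state}) {h['name']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline run against the constructed sample, two days after the additions.
    print(report(triage(load_kev(SAMPLE_KEV), date(2024, 9, 12), {"Windows", "Publisher"})))
```

Swap `load_kev(SAMPLE_KEV)` for `fetch_kev()` to run it against the real catalog, and feed `products` from your asset inventory rather than a hard-coded set. Note that a KEV match tells you a deadline exists, not that a given host is patched: for CVE-2024-43491 in particular, Windows Update reporting "up to date" is not sufficient evidence, so pair this with a check of the installed servicing stack and security update on any Windows 10 version 1507 hosts.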