The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new security bugs to its list of actively exploited vulnerabilities, including a very serious local privilege escalation bug in the Windows Common Log File System Driver.
This very serious security flaw (tracked as CVE-2022-24521) was reported by CrowdStrike and the US National Security Agency (NSA), and was patched by Microsoft during this month’s Patch Tuesday.
Under a binding operational directive (BOD 22-01) issued in November, all Federal Civilian Executive Branch (FCEB) agencies must secure their systems against this security flaw now that it has been added to the CISA catalog of Known Exploited Vulnerabilities (KEV).
CISA has given them three weeks, until May 2, to patch the vulnerability CVE-2022-24521 and block ongoing exploitation attempts.
While the BOD 22-01 directive only applies to US federal agencies, CISA also strongly urges all US organizations to patch this actively exploited security bug to block attempts to increase privileges on their Windows systems.
The US cybersecurity agency today added nine additional vulnerabilities to its catalog, all exploited in ongoing attacks.
CVE | Vulnerability Name | Date
CVE-2022-24521 | Microsoft Windows CLFS Driver Privilege Escalation | 2022-05-04
CVE-2018-7602 | Drupal Core Remote Code Execution Vulnerability | 2022-05-04
CVE-2018-20753 | Kaseya VSA Remote Code Execution Vulnerability | 2022-05-04
CVE-2015-5123 | Adobe Flash Player Use-After-Free Vulnerability | 2022-05-04
CVE-2015-5122 | Adobe Flash Player Use-After-Free Vulnerability | 2022-05-04
CVE-2015-3113 | Adobe Flash Player Heap-Based Buffer Overflow | 2022-05-04
CVE-2015-2502 | Microsoft Internet Explorer Memory Corruption | 2022-05-04
CVE-2015-0313 | Adobe Flash Player Use-After-Free Vulnerability | 2022-05-04
CVE-2015-0311 | Adobe Flash Player Remote Code Execution Vulnerability | 2022-05-04
CVE-2014-9163 | Adobe Flash Player Stack-Based Buffer Overflow | 2022-05-04
Hundreds of actively exploited bugs added to CISA’s catalog
On Monday, CISA also ordered federal civilian agencies to patch an actively exploited security bug (CVE-2022-23176) in WatchGuard Firebox and XTM firewall devices.
The Russian-backed hacking group Sandworm has previously exploited this bug to build a botnet called Cyclops Blink out of compromised WatchGuard Small Office/Home Office (SOHO) network devices.
On Wednesday, the US government disrupted the Cyclops Blink botnet by removing the malware from command-and-control servers before the botnet was weaponized and used in attacks.
“Vulnerabilities like these are a frequent attack vector for all kinds of malicious cyber actors and pose a significant risk to the federal enterprise,” explains the US cybersecurity agency.
Since issuing the binding BOD 22-01 directive, CISA has added hundreds of security vulnerabilities to its list of actively exploited vulnerabilities, directing US federal agencies to patch them as soon as possible to block security breaches.
This post, “CISA warns organizations to actively patch exploited Windows LPE bug”, was originally published at https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-windows-lpe-bug/