Cyber Security

CISA adds 15 vulnerabilities to list of flaws exploited in attacks

Published

on

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks.

These public warnings aim to raise awareness to system administrators who have yet to apply the corresponding security updates and urge them to prioritize the action.

Since threat actors have been observed targeting these flaws in the attacks, failing to address the security issues means risking a network compromise that can lead to a catastrophic data breach or ransomware attack.

For this reason, CISA gives federal agencies a deadline of April 5, 2022, to apply the available security updates for the following 15 highlighted older vulnerabilities, which were disclosed in 2015 through 2020.

CVE IDDescriptionPatch Deadline
CVE-2020-5135SonicWall SonicOS Buffer Overflow Vulnerability4/5/2022
CVE-2019-1405Microsoft Windows UPnP Service Privilege Escalation Vulnerability4/5/2022
CVE-2019-1322Microsoft Windows Privilege Escalation Vulnerability4/5/2022
CVE-2019-1315Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability4/5/2022
CVE-2019-1253Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability4/5/2022
CVE-2019-1129Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-1069Microsoft Task Scheduler Privilege Escalation Vulnerability4/5/2022
CVE-2019-1064Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-0841Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-0543Microsoft Windows Privilege Escalation Vulnerability4/5/2022
CVE-2018-8120Microsoft Win32k Privilege Escalation Vulnerability4/5/2022
CVE-2017-0101Microsoft Windows Transaction Manager Privilege Escalation Vulnerability4/5/2022
CVE-2016-3309Microsoft Windows Kernel Privilege Escalation Vulnerability4/5/2022
CVE-2015-2546Microsoft Win32k Memory Corruption Vulnerability4/5/2022
CVE-2019-1132Microsoft Win32k Privilege Escalation Vulnerability4/5/2022

Older flaws still targeted

Most flaws in the new set highlighted by CISA concern privilege escalation problems on Windows, of which one, CVE-2019-0841, has a published proof-of-concept (PoC) exploit that threat actors can pick up and use immediately on vulnerable systems.

The CVE-2019-1069 privilege escalation flaw on the Microsoft Task Scheduler was leveraged by the Ryuk ransomware group last April, which used it to raise its code execution rights on compromised systems.

The exploitation of CVE-2019-1132 has been previously linked to the Buhtrap hacking group, which used the zero-day flaw against governmental entities to run arbitrary code in kernel mode.

The significantly older CVE-2018-8120 on Win32k was first seen exploited for attacks as a zero-day back in May 2018, but apparently, it’s still valuable for threat actors.

Finally, CISA highlights CVE-2020-5135, a critical buffer overflow vulnerability in SonicWall VPNs that impacted over 800,000 devices at the time of its discovery.

Although SonicWall attempted to fix it with a patch, it was later discovered that the fixing was partial. As a result, administrators of SonicWall VPNs had to patch it again while a PoC was already in circulation.

These latest additions bring CISA’s Known Exploited Vulnerabilities Catalog to a total of 504 flaws, which admins cannot ignore as they’re all used by threat actors.

Organizations are advised to monitor that list and ensure they have addressed all security gaps on their systems, as adversaries don’t care how old a flaw is as long as it can give them unauthorized access to the target.

Source: https://www.bleepingcomputer.com/news/security/cisa-adds-15-vulnerabilities-to-list-of-flaws-exploited-in-attacks/

Click to comment
Exit mobile version