Adrian Johnson
TLDR:
– CISA has confirmed active cyber attacks on five Windows vulnerabilities
– Windows users must update by September 3 to mitigate the risk
New Windows Cyber Attacks Confirmed—CISA Says Update By September 3
Windows users have been urged to update their systems by September 3 as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed active cyber attacks on five Windows vulnerabilities. These vulnerabilities have been added to the Known Exploited Vulnerabilities Catalog, emphasizing the importance of patching to keep pace with threat activity.
The five Windows zero-day vulnerabilities include:
- CVE-2024-38178: Windows scripting engine memory corruption vulnerability
- CVE-2024-38213: Windows ‘Mark of the Web’ security feature bypass vulnerability
- CVE-2024-38193: Elevation of privilege vulnerability in the Windows ancillary function driver for WinSock
- CVE-2024-38106: Windows kernel elevation of privilege vulnerability
- CVE-2024-38107: Use-after-free elevation of privilege vulnerability affecting the Windows power dependency coordinator
Each of these vulnerabilities poses a significant risk, from remote code execution to escalation of privileges. It is essential for organizations and consumers alike to prioritize patching to mitigate the potential impact of these cyber attacks.
For organizations required to test updates before applying them, it is crucial to take note of the Known Exploited Vulnerabilities and prioritize patch management accordingly. By staying informed and proactively updating their systems, users can reduce their exposure to cyber threats and enhance their overall cybersecurity posture.
