CISA Adds 15 Vulnerabilities to List of Flaws Exploited in Attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks.
These public warnings aim to raise awareness among system administrators who have yet to apply the corresponding security updates and urge them to prioritize doing so.
Since threat actors have been observed targeting these flaws in attacks, failing to address the security issues means risking a network compromise that can lead to a catastrophic data breach or ransomware attack.
For this reason, CISA gives federal agencies a deadline of April 5, 2022, to apply the available security updates for the following 15 highlighted older vulnerabilities, which were disclosed in 2015 through 2020.
| CVE ID | Description | Patch Deadline |
|---|---|---|
| CVE-2020-5135 | SonicWall SonicOS Buffer Overflow Vulnerability | 4/5/2022 |
| CVE-2019-1405 | Microsoft Windows UPnP Service Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1322 | Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1315 | Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1253 | Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1129 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1069 | Microsoft Task Scheduler Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1064 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-0841 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-0543 | Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2018-8120 | Microsoft Win32k Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2017-0101 | Microsoft Windows Transaction Manager Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2016-3309 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2015-2546 | Microsoft Win32k Memory Corruption Vulnerability | 4/5/2022 |
| CVE-2019-1132 | Microsoft Win32k Privilege Escalation Vulnerability | 4/5/2022 |
Older flaws still targeted
Most flaws in the new set highlighted by CISA concern privilege escalation problems on Windows, of which one, CVE-2019-0841, has a published proof-of-concept (PoC) exploit that threat actors can pick up and use immediately on vulnerable systems.
The CVE-2019-1069 privilege escalation flaw on the Microsoft Task Scheduler was leveraged by the Ryuk ransomware group last April, which used it to raise its code execution rights on compromised systems.
The exploitation of CVE-2019-1132 has been previously linked to the Buhtrap hacking group, which used the zero-day flaw against governmental entities to run arbitrary code in kernel mode.
The significantly older CVE-2018-8120 on Win32k was first seen exploited in attacks as a zero-day back in May 2018, but apparently it’s still valuable for threat actors.
Finally, CISA highlights CVE-2020-5135, a critical buffer overflow vulnerability in SonicWall VPNs that impacted over 800,000 devices at the time of its discovery.
Although SonicWall attempted to fix it with a patch, it was later discovered that the fix was only partial. As a result, administrators of SonicWall VPNs had to patch it again while a PoC was already in circulation.
These latest additions bring CISA’s Known Exploited Vulnerabilities Catalog to a total of 504 flaws, which admins cannot ignore as they’re all used by threat actors.
Organizations are advised to monitor that list and ensure they have addressed all security gaps on their systems, as adversaries don’t care how old a flaw is as long as it can give them unauthorized access to the target.