CISA Warns About Four New Vulnerabilities Exploited as Zero-Days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities, all exploited as zero-days, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities affect Windows and iOS devices.

New Vulnerabilities Discovered

As BleepingComputer also reported, two of the vulnerabilities that impact Microsoft products are CVE-2023-21823, which allows attackers to gain remote code execution, and CVE-2023-23376, which allows attackers to escalate privileges.

A third flaw, CVE-2023-21715, allows malicious payloads to be delivered through untrusted files by getting around Microsoft Office macro rules.

The fourth and final vulnerability was fixed by Apple on Monday and was tagged as actively exploited. Known as CVE-2023-23529, the vulnerability is a type confusion issue in WebKit that could potentially lead to arbitrary code execution.

All three Microsoft vulnerabilities were patched earlier this week as part of the February 2023 Patch Tuesday and were classified as zero-day vulnerabilities, meaning they were exploited before the patch was available.

The WebKit zero-day addressed by Apple affects both older and newer generations of hardware, including all iPad Pro models, Macs running macOS Sierra, iPhone 8 and later, and more.

Federal Agencies Advised to Patch Soon

CISA has given federal agencies until March 7th to patch the four vulnerabilities. The cybersecurity agency strongly advises all organizations to address the security flaws to thwart any attempts to infiltrate their Windows or iOS devices, even though the instruction only applies to U.S. federal entities.

Since the binding operational directive (BOD 22-01) was issued, all Federal Civilian Executive Branch (FCEB) agencies have been required to secure their systems against the vulnerabilities listed in CISA’s KEV catalog.


Source: /syad-orez-sa-detiolpxe-seitilibarenluv-wen-ruof-tuoba-snraw-asic/golb/moc.ytirucesladmieh
