The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with five new entries, marking another critical update for organizations bound by Binding Operational Directive (BOD) 22-01. These vulnerabilities, actively being exploited in the wild, pose significant risks to Windows environments and enterprise networks.

The Newly Added Vulnerabilities

CISA's latest additions to the KEV catalog include:

  • CVE-2023-32409: Apple WebKit vulnerability affecting Safari on Windows
  • CVE-2023-28205: Windows Common Log File System Driver privilege escalation flaw
  • CVE-2023-29336: Microsoft Office and WordPad remote code execution vulnerability
  • CVE-2023-24932: Windows Secure Boot security feature bypass
  • CVE-2023-23397: Microsoft Outlook elevation of privilege vulnerability

Critical Analysis of the Threats

Windows-Specific Risks

The CLFS driver vulnerability (CVE-2023-28205) is particularly concerning as it allows attackers to gain SYSTEM privileges on affected Windows systems. This flaw affects Windows 10, 11, and Windows Server versions, with Microsoft having released patches in recent months.

Office Productivity Suite Dangers

CVE-2023-29336 impacts Microsoft Office and WordPad, two ubiquitous applications in enterprise environments. The remote code execution capability makes this a prime target for phishing campaigns and document-based attacks.

Compliance Requirements Under BOD 22-01

Federal agencies and organizations working with government systems must:

  • Apply vendor-provided patches within mandated timelines
  • Document mitigation efforts for vulnerabilities where patches aren't available
  • Report compliance status through official channels
  • Maintain continuous monitoring for exploitation attempts

For Windows administrators and security teams:

  1. Prioritize patching based on CISA's severity ratings
  2. Implement application control to prevent execution of unauthorized code
  3. Enhance email security to block malicious Office documents
  4. Monitor for suspicious activity around vulnerable components
  5. Review Secure Boot configurations to prevent bypass attempts

This update continues CISA's pattern of:

  • Focusing on vulnerabilities with known in-the-wild exploitation
  • Emphasizing Windows ecosystem weaknesses
  • Pushing for faster enterprise response times
  • Coordinating with vendors for timely patch availability

Long-Term Security Implications

Organizations should view these updates as:

  • A warning about the sophistication of current threat actors
  • A reminder of the importance of patch management programs
  • An opportunity to reassess vulnerability prioritization frameworks
  • A call to improve incident response capabilities

Resources for Further Action