Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the immediate need for organizations to address these security flaws. The vulnerabilities in question are:

  • CVE-2024-20767: An improper access control vulnerability in Adobe ColdFusion.
  • CVE-2024-35250: An untrusted pointer dereference vulnerability in the Windows Kernel-Mode Driver.

Detailed Analysis

CVE-2024-20767: Adobe ColdFusion Improper Access Control Vulnerability

Description: This vulnerability affects Adobe ColdFusion versions 2023.6, 2021.12, and earlier. It arises from improper access control mechanisms, allowing attackers to read arbitrary files on the system without proper authorization. Exploitation does not require user interaction but necessitates that the ColdFusion administrative panel be exposed to the internet. Technical Details: The flaw enables unauthorized access to sensitive files, potentially leading to information disclosure or further exploitation. Adobe has released security updates to address this issue, and organizations are urged to apply these patches promptly. Adobe Security Bulletin APSB24-14 Implications: If left unpatched, this vulnerability could allow attackers to access confidential information, leading to data breaches and compliance violations. Organizations using affected versions of ColdFusion should prioritize updating to the latest versions to mitigate this risk.

CVE-2024-35250: Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability

Description: This high-severity vulnerability exists in the Microsoft Kernel Streaming Service (MSKSSRV.SYS) and allows local attackers to gain SYSTEM privileges. The flaw is due to improper handling of pointers within the Windows Kernel-Mode Driver. Technical Details: Exploitation of this vulnerability requires local access but does not necessitate user interaction. An attacker who successfully exploits this flaw could execute arbitrary code with elevated privileges, potentially leading to full system compromise. Microsoft addressed this issue in the June 2024 Patch Tuesday update. Microsoft Security Advisory Implications: The ability to escalate privileges to SYSTEM level poses a significant threat, as it allows attackers to install programs, view, change, or delete data, and create new accounts with full user rights. Organizations should ensure that all systems are updated with the latest security patches to prevent exploitation.

Recommendations

  • Immediate Patching: Organizations should apply the latest security updates provided by Adobe and Microsoft to remediate these vulnerabilities.
  • Restrict Access: Limit exposure of administrative panels and critical services to the internet to reduce the attack surface.
  • Monitor Systems: Implement continuous monitoring to detect any signs of exploitation or unauthorized access.
  • User Education: Educate users about the importance of applying updates and recognizing potential security threats.

Conclusion

The addition of CVE-2024-20767 and CVE-2024-35250 to CISA's KEV catalog underscores the critical nature of these vulnerabilities. Organizations must act swiftly to apply patches and implement security best practices to protect their systems from potential exploitation.