Contact Info

Atlas Cloud LLC 600 Cleveland Street Suite 348 Clearwater, FL 33755 USA

support@dedirock.com

Client Area
Recommended Services
Supported Scripts
WordPress
Hubspot
Joomla
Drupal
Wix
Shopify
Magento
Typeo3

CISA orders Windows security updates before October 1

Following the release of Microsoft’s Patch Tuesday security updates and the passing of Exploit Wednesday, it is still crucial to maintain vigilance. The Cybersecurity and Infrastructure Security Agency (CISA) in the US has mandated that three Windows vulnerabilities must be addressed before October 1. Although this directive primarily targets federal workers, CISA also encourages all organizations to reference the Known Exploited Vulnerabilities catalog to stay updated with ongoing threats and to refine their vulnerability management practices. Given these vulnerabilities are actively being exploited by malicious entities, it is vital for everyone to treat this situation with urgency and ensure robust protection for themselves and their organizations.

CISA has included four new Microsoft vulnerabilities in the KEV catalog, which includes one affecting Microsoft Publisher users, with the others pertaining to Windows.

The CISA announcement details these vulnerabilities.

When it comes to CVE-2024-38014, Satnam Narang, a senior staff research engineer at Tenable, describes it as a post-compromise activity exploit. This means once attackers have breached a system, they can use this vulnerability to elevate their privileges and further compromise the system. Narang notes that the methods attackers use to gain initial access can vary, including exploiting other vulnerabilities, spear phishing, or brute force attacks.

Another concerning issue is CVE-2024-30217. I have covered it in some detail here. According to Saeed Abbasi, manager of vulnerability research at Qualys Threat Research Unit, this vulnerability allows attackers to manipulate security warnings. This manipulation can let harmful files bypass security alerts, leading to potential ransomware attacks.

I further examined the CVE-2024-43491 Windows Update remote code execution vulnerability, which affects a limited number of Windows 10 users but presents significant risks. This flaw can let an attacker revert security updates, reintroducing previously patched vulnerabilities. Kev Breen, the senior director of threat research at Immersive Labs, warns that these vulnerabilities can be exploited anew, even if Windows Update indicates the system is fully patched.

Highlighting the urgency of addressing these security issues, CISA has issued strong guidance for organizations to enhance their cyber defenses by prioritizing the remediation of serious vulnerabilities as part of their overall vulnerability management practices. CISA has committed to continuously updating their catalog with vulnerabilities that meet certain criteria to assist in these efforts.

One Community. Many Voices. Create a free account to share your thoughts.

Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.

In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.

Your post will be rejected if we notice that it seems to contain:

User accounts will be blocked if we notice or believe that users are engaged in:

So, how can you be a power user?

Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.


Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.

Share this Post
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x