CISA orders Windows security updates before October 1

Following Microsoft’s recent security update release on Patch Tuesday and the passing of Exploit Wednesday, it’s crucial not to become complacent. The Cybersecurity and Infrastructure Security Agency (CISA) in the USA has explicitly mandated the patching of three specific Windows vulnerabilities by October 1. Although this directive is specifically for federal agencies, CISA advises all other organizations to refer to its Known Exploited Vulnerabilities catalog, which assists in monitoring threats and guiding vulnerability management. With these vulnerabilities actively being exploited by cybercriminals, it is imperative for everyone to prioritize these updates to protect both individuals and their organizations from potential threats.

CISA recently added four new entries to its KEV catalog. These additions include one Microsoft Publisher vulnerability and three Windows-related vulnerabilities.

The recent CISA announcement provides details on these issues.

When it comes to CVE-2024-38014, Satnam Narang, senior staff research engineer at Tenable, remarked that this vulnerability is a post-compromise activity exploit, which means that an attacker who has already secured access to a system can exploit this flaw to elevate their privileges and secure further system compromise. Narang explained, “The methods these attackers use to gain access to these systems can vary, from exploiting other vulnerabilities, to spear phishing or brute force attacks.”

CVE-2024-30217 presents a significant concern, and it has been extensively discussed here. Saeed Abbasi, manager of vulnerability research at the Qualys Threat Research Unit, explained that this vulnerability “enables an attacker to manipulate security alerts that generally warn users about the dangers of opening files from unknown sources,” a critical security function typically targeted in ransomware attacks.

I have also explored the CVE-2024-43491 Windows Update remote code execution vulnerability, which impacts a smaller group of Windows 10 users, yet its severity is notable with a 9.8 out of 10 rating. This vulnerability allows an attacker to revert security updates, leaving systems vulnerable to previously patched flaws. Kev Breen, senior director of threat research at Immersive Labs, pointed out that such vulnerabilities can still be exploited by attackers “despite Windows update indicating it is fully patched.”

The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends that all organizations reduce their cyberattack risk by prioritizing timely remediation of vulnerabilities listed in their catalog as part of robust vulnerability management practices. “CISA will continue to update the catalog with vulnerabilities that meet their specific criteria,” according to the agency.
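One way to act on that recommendation, shown as an added example rather than code from CISA or this article: cross-reference unpatched findings against KEV-format entries and queue them by days remaining until the due date. The catalog snippet, host names and scanner findings are constructed; the field names follow CISA's KEV JSON feed, and the CVE IDs and the October 1 deadline (assumed here to be 2024) come from the article.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (only the fields used here).
# The last entry is deliberately malformed to show that bad records are skipped.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-38014", "dueDate": "2024-10-01"},
  {"cveID": "CVE-2024-30217", "dueDate": "2024-10-01"},
  {"cveID": "CVE-2024-43491", "dueDate": "2024-10-01"},
  {"cveID": "CVE-0000-00001", "dueDate": "not-a-date"}
]}
""")

# Constructed scanner output: hypothetical host -> CVEs still unpatched on it.
FINDINGS = {
    "ws-014": ["CVE-2024-38014", "cve-2024-43491"],
    "ws-022": ["CVE-2024-30217"],
    "srv-db1": ["CVE-0000-00000"],  # placeholder ID, not in the catalog sample
}

def kev_due_dates(catalog):
    """Map cveID -> due date, skipping entries with missing or malformed fields."""
    due = {}
    for entry in catalog.get("vulnerabilities", []):
        try:
            due[entry["cveID"].upper()] = date.fromisoformat(entry["dueDate"])
        except (KeyError, ValueError, AttributeError):
            continue
    return due

def remediation_queue(findings, catalog, today):
    """Return (days_left, host, cve) for KEV-listed findings, most urgent first."""
    due = kev_due_dates(catalog)
    queue = []
    for host, cves in findings.items():
        for cve in {c.upper() for c in cves}:
            if cve in due:
                queue.append(((due[cve] - today).days, host, cve))
    return sorted(queue)

def overdue(findings, catalog, today):
    """KEV-listed findings whose due date has already passed."""
    return [(h, c) for d, h, c in remediation_queue(findings, catalog, today) if d < 0]

if __name__ == "__main__":
    for days, host, cve in remediation_queue(FINDINGS, KEV_SAMPLE, date(2024, 9, 20)):
        print(f"{host:8} {cve:16} {'OVERDUE' if days < 0 else f'{days} days left'}")
```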
