The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> SonicWall SonicOS, ImageMagick\u00a0and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.
Below are the descriptions for these vulnerabilities:<\/p>\n\n\n\n
CVE-2024-43461<\/a> – Microsoft this week warned<\/strong><\/a> that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024.<\/p>\n\n\n\n
The vulnerability CVE-2024-43461<\/a> is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer. Although the browser has been retired, MSHTML remains in Windows and is still used by certain applications.<\/p>\n\n\n\n
The ZDI Threat Hunting team discovered a new exploit similar to a previously patched July vulnerability tracked as CVE-2024-38112<\/a>.<\/p>\n\n\n\n
\u201cThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\u201d reads the advisory<\/a> published by ZDI. \u201cThe specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. A crafted file name can cause the true file extension to be hidden, misleading the user into believing that the file type is harmless. An attacker can leverage this vulnerability to execute code in the context of the current user.\u201d<\/em><\/p>\n\n\n\n
\u201cYes. CVE-2024-43461 was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024.\u201d reads the advisory<\/a> published by Microsoft. \u201cWe released a fix for CVE-2024-38112 in our July 2024 security updates which broke this attack chain. See [CVE-2024-38112<\/a> \u2013 Security Update Guide \u2013 Microsoft \u2013 Windows MSHTML Platform Spoofing Vulnerability[(https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-38112). Customers should both the July 2024 and September 2024 security update to fully protect themselves.\u201d<\/em><\/p>\n\n\n\n
The vulnerability CVE-2024-6670<\/a> in WhatsUp Gold is an SQL Injection authentication bypass issue.<\/p>\n\n\n\n
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog<\/a> and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n
CISA orders federal agencies to fix this vulnerability by\u00a0October 7, 2024.<\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a>
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0CISA<\/a>)<\/strong>