With Microsoft’s Patch Tuesday updates rolled out and Exploit Wednesday behind us, organizations must remain vigilant, especially following a new directive from the Cybersecurity and Infrastructure Security Agency (CISA). The agency has mandated that three critical Windows vulnerabilities be patched by October 1, stressing their importance for federal agencies and private organizations alike. These vulnerabilities, listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, are actively being exploited by attackers, making swift action essential to reducing risk. While the directive specifically applies to federal employees, CISA advises all organizations to update their systems promptly to mitigate the threat.
CISA has flagged four critical Microsoft vulnerabilities that need immediate attention, three of which are Windows-related. First, CVE-2024-38014 is a Windows Installer privilege escalation vulnerability affecting Windows 10, 11, and Windows Server. This flaw is used in post-compromise attacks: an attacker who already has a foothold on a system (gained, for example, through phishing or by exploiting another vulnerability) can use it to elevate their privileges. Second, CVE-2024-38217, a Mark of the Web (MoTW) security bypass vulnerability in Windows 10, 11, and Windows Server, allows attackers to suppress the security warnings normally shown when users open files from untrusted sources, increasing the risk of follow-on attacks such as ransomware. Third, CVE-2024-43491, a Windows Update remote code execution vulnerability affecting Windows 10 version 1507, is particularly dangerous, rated 9.8 out of 10. This flaw enables attackers to roll back security updates, re-exposing systems to previously patched vulnerabilities. Lastly, CVE-2024-38226 is a security bypass vulnerability in Microsoft Publisher and Microsoft Office.
Security experts stress the urgency of addressing these vulnerabilities. For instance, CVE-2024-43491 allows attackers to undo installed security patches, making previously secured systems vulnerable again. This highlights the critical need for prompt action. CISA strongly encourages organizations to integrate the KEV catalog into their vulnerability management frameworks to stay ahead of evolving threats. The agency has committed to updating the catalog with new vulnerabilities as they arise, urging organizations to prioritize remediation efforts to better defend against cyberattacks.
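Integrating the KEV catalog into vulnerability management, as CISA recommends above, in practice means treating "listed in KEV" and "past the KEV due date" as first-class prioritization signals. The script below is an added example, not code from the article or from CISA: it indexes a KEV-format JSON document by CVE ID, cross-references a constructed asset inventory against it, and ranks findings so that KEV entries closest to (or past) their due date come first. The field names follow CISA's published KEV JSON feed (normally fetched from the URL in the comment); the four CVE IDs and the October 1 due date come from the article, while the `dateAdded` values, descriptions, ransomware flags, host names and the placeholder non-KEV CVE are constructed for illustration.

```python
"""Prioritize open CVEs on an asset inventory using a KEV-format catalog."""
import json
from dataclasses import dataclass
from datetime import date
from typing import Optional, Union

# Real location of CISA's feed; this example works offline on the sample below instead.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the shape of the KEV feed. CVE IDs, products and the
# 2024-10-01 due date are from the article; dateAdded, shortDescription and
# knownRansomwareCampaignUse are illustrative values, not taken from the catalog.
SAMPLE_KEV_JSON = """
{
  "title": "Constructed KEV sample",
  "catalogVersion": "sample",
  "dateReleased": "2024-09-10T00:00:00.0000Z",
  "count": 4,
  "vulnerabilities": [
    {"cveID": "CVE-2024-38014", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows Installer Privilege Escalation Vulnerability",
     "dateAdded": "2024-09-10", "shortDescription": "sample", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2024-38217", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows Mark of the Web Security Feature Bypass Vulnerability",
     "dateAdded": "2024-09-10", "shortDescription": "sample", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2024-43491", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows Update Remote Code Execution Vulnerability",
     "dateAdded": "2024-09-10", "shortDescription": "sample", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2024-38226", "vendorProject": "Microsoft", "product": "Publisher",
     "vulnerabilityName": "Microsoft Publisher Security Feature Bypass Vulnerability",
     "dateAdded": "2024-09-10", "shortDescription": "sample", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-10-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}
"""

# Constructed inventory: host -> CVEs a scanner reports as still open there.
# "CVE-XXXX-PLACEHOLDER" stands in for any CVE that is not in KEV.
SAMPLE_INVENTORY = {
    "ws-finance-01": ["CVE-2024-38014", "CVE-2024-38217"],
    "srv-legacy-1507": ["CVE-2024-43491", "CVE-XXXX-PLACEHOLDER"],
    "ws-marketing-07": ["CVE-2024-38226"],
}


@dataclass(frozen=True)
class Finding:
    host: str
    cve_id: str
    in_kev: bool
    due_date: Optional[date]       # None when the CVE is not in KEV
    days_left: Optional[int]       # negative once the KEV due date has passed
    ransomware_use: Optional[str]  # KEV's knownRansomwareCampaignUse field


def load_kev(raw_json: str) -> dict:
    """Index a KEV-format document by upper-cased CVE ID."""
    doc = json.loads(raw_json)
    return {entry["cveID"].upper(): entry for entry in doc["vulnerabilities"]}


def assess(host: str, cve_id: str, kev: dict, today: date) -> Finding:
    """Enrich one (host, CVE) pair with KEV membership and due-date status."""
    entry = kev.get(cve_id.upper())
    if entry is None:
        return Finding(host, cve_id, False, None, None, None)
    due = date.fromisoformat(entry["dueDate"])
    return Finding(host, cve_id, True, due, (due - today).days,
                   entry.get("knownRansomwareCampaignUse"))


def prioritize(inventory: dict, kev: dict, today: Union[date, str]) -> list:
    """Rank findings: KEV entries first, soonest/most overdue first, then by host."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = [assess(h, c, kev, today) for h, cves in inventory.items() for c in cves]
    return sorted(findings, key=lambda f: (not f.in_kev,
                                           f.days_left if f.days_left is not None else 10**6,
                                           f.host))


def overdue(findings: list) -> list:
    """KEV findings whose CISA due date has already passed."""
    return [f for f in findings if f.in_kev and f.days_left is not None and f.days_left < 0]


def format_report(findings: list) -> str:
    lines = []
    for f in findings:
        if not f.in_kev:
            lines.append(f"{f.host:16} {f.cve_id:22} not in KEV")
        elif f.days_left < 0:
            lines.append(f"{f.host:16} {f.cve_id:22} KEV  OVERDUE by {-f.days_left} day(s) (due {f.due_date})")
        else:
            lines.append(f"{f.host:16} {f.cve_id:22} KEV  due {f.due_date} ({f.days_left} day(s) left)")
    return "\n".join(lines)


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    print(format_report(prioritize(SAMPLE_INVENTORY, catalog, "2024-09-20")))
```

In production the `SAMPLE_KEV_JSON` string is replaced by the downloaded feed and `SAMPLE_INVENTORY` by scanner output; because CISA re-publishes the catalog as new entries are added, the feed should be re-pulled on a schedule rather than cached once, and the `knownRansomwareCampaignUse` field is worth surfacing as a second sort key where it is populated.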