CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, underscoring the risk these CVEs pose to federal and other networks. The update covers Microsoft Project and several Windows components, reinforcing the need for prioritized remediation under Binding Operational Directive (BOD) 22-01 and for ongoing vulnerability management.
Keypoints
- CISA added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
- Vulnerabilities include: CVE-2024-38189 (Microsoft Project RCE), CVE-2024-38178 (Windows Scripting Engine memory corruption), CVE-2024-38213 (Windows SmartScreen bypass), CVE-2024-38193 (WinSock privilege escalation), CVE-2024-38106 (Windows kernel privilege escalation), CVE-2024-38107 (Power Dependency Coordinator privilege escalation).
- These vulnerabilities are frequent attack vectors for malicious cyber actors.
- Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch agencies to remediate identified vulnerabilities by a due date.
- CISA encourages all organizations to prioritize remediation of catalog vulnerabilities.
- CISA will continue to add vulnerabilities to the catalog that meet specified criteria.
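As an added example, not part of CISA's notice, the following Python reads records in the shape of the public KEV JSON feed (the field names are the catalog's; the sample records, their dates, the asset inventory and the remediated set are constructed placeholders, not the real catalog entries) and lists the open entries for products an organization runs, ordered by BOD 22-01 due date and flagged when overdue.

```python
import json
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON feed. Field names follow the
# public catalog; dates and descriptions are placeholders, not the real entries.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-38189", "vendorProject": "Microsoft", "product": "Project",
     "vulnerabilityName": "Microsoft Project remote code execution",
     "dateAdded": "2024-08-13", "dueDate": "2024-09-03",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2024-38213", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows SmartScreen security feature bypass",
     "dateAdded": "2024-08-13", "dueDate": "2024-09-03",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2024-38106", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows kernel privilege escalation",
     "dateAdded": "2024-08-13", "dueDate": "2024-09-03",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2024-38178", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows Scripting Engine memory corruption",
     "dateAdded": "2024-08-13", "dueDate": "2024-09-17",
     "requiredAction": "Apply mitigations per vendor instructions."},
]})


def triage(kev_json, inventory, remediated, today):
    """Return KEV entries whose (vendorProject, product) pair is in `inventory`
    and whose cveID is not in `remediated`, nearest due date first."""
    hits = []
    for v in json.loads(kev_json)["vulnerabilities"]:
        if (v["vendorProject"], v["product"]) not in inventory:
            continue  # product not deployed here: no BOD 22-01 obligation
        if v["cveID"] in remediated:
            continue  # already patched or mitigated per vendor guidance
        days_left = (date.fromisoformat(v["dueDate"]) - today).days
        hits.append({"cveID": v["cveID"], "product": v["product"],
                     "dueDate": v["dueDate"], "days_left": days_left,
                     "status": "OVERDUE" if days_left < 0 else "open"})
    return sorted(hits, key=lambda h: h["dueDate"])


def example_report(today=date(2024, 9, 10)):
    # Constructed inventory: this environment runs Windows but not Project,
    # and CVE-2024-38213 has already been remediated.
    return triage(KEV_SAMPLE, {("Microsoft", "Windows")}, {"CVE-2024-38213"}, today)


if __name__ == "__main__":
    for h in example_report():
        print(f'{h["status"]:8} {h["cveID"]} {h["product"]} due {h["dueDate"]} ({h["days_left"]:+d} days)')
```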
MITRE Techniques
- [T1203] Execution – Exploitation of software vulnerabilities to execute malicious code.
- [T1068] Privilege Escalation – Exploitation of vulnerabilities to gain elevated access to resources.
- [T1211] Defense Evasion – Bypassing security features to avoid detection.
Indicators of Compromise
- [CVE] Vulnerabilities – CVE-2024-38189, CVE-2024-38178, CVE-2024-38213, CVE-2024-38193, CVE-2024-38106, CVE-2024-38107
- [URL] Publicly available pages – https://nvd.nist.gov/vuln/detail/CVE-2024-38189, https://www.cisa.gov/known-exploited-vulnerabilities-catalog