Critical Windows Kernel Vulnerability Exploited in Ongoing Cyber Attacks: Is Your System at Risk?

2024-12-16

Author: Nur

A stark warning has been issued to U.S. federal agencies by the Cybersecurity and Infrastructure Security Agency (CISA), urging immediate action to safeguard their networks against a newly exploited Windows kernel vulnerability. This flaw, identified as CVE-2024-35250, is categorized as high-severity due to its potential to allow local attackers to gain SYSTEM privileges with minimal effort—no user interaction required!

The vulnerability is rooted in an untrusted pointer dereference weakness within the Microsoft Kernel Streaming Service (MSKSSRV.SYS). It was discovered by the DEVCORE Research Team, who demonstrated its exploitability during the Pwn2Own Vancouver 2024 hacking contest. Remarkably, they managed to breach a fully patched Windows 11 system on the very first day of the event using this vulnerability.

Although Microsoft patched the flaw in June 2024, exploit code was unfortunately made public on GitHub just four months later, escalating the risk for users. In its security advisory, Microsoft noted that "an attacker who successfully exploited this vulnerability could gain SYSTEM privileges." The live exploitation of the flaw is raising alarms, yet the company's advisory has still not been updated to reflect it.

Adding to the concern, CISA has also highlighted a critical vulnerability in Adobe ColdFusion, tracked as CVE-2024-20767. This weakness, which Adobe patched in March, involves improper access control that facilitates unauthorized remote access to sensitive files. SecureLayer7 reported that successfully exploiting vulnerable ColdFusion servers with publicly accessible admin panels can enable attackers to bypass multiple security measures and perform malicious file system writes.

Current statistics show that over 145,000 ColdFusion servers are exposed to the Internet, although not all have easily exploitable admin panels. CISA has added both CVE-2024-35250 and CVE-2024-20767 to its Known Exploited Vulnerabilities catalog, an urgent alert for federal agencies, which must address these vulnerabilities by January 6 under Binding Operational Directive (BOD) 22-01.

The agency stated, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." While primarily aimed at federal entities, CISA recommends that all organizations, public and private, prioritize addressing these vulnerabilities to thwart threats from cybercriminals.

Cybersecurity experts encourage immediate actions to monitor network traffic and deploy updated patches, advising that systems not patched against these vulnerabilities are especially susceptible to exploitation. The rising trend of cyber attacks, particularly sophisticated ones targeting known vulnerabilities, underscores the importance of maintaining a proactive security posture.

Are you concerned about the security of your systems? It's time to take action before it's too late! Stay informed, stay updated, and protect your data from emerging threats.