Critical Windows Flaw Under Active Attack: Hackers Exploit Kernel Bug for Full System Control

Critical Windows and Adobe Vulnerabilities Under Active Exploitation

Security agencies have issued urgent warnings about two high-severity vulnerabilities that are being exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to apply the security patches by January 6.

Windows Kernel Vulnerability (CVE-2024-35250)
– Affects Microsoft Kernel Streaming Service (MSKSSRV.SYS)
– Allows local attackers to gain SYSTEM privileges
– Requires no user interaction
– Successfully demonstrated at Pwn2Own Vancouver 2024
– Patched in June 2024 Patch Tuesday update
– Proof-of-concept code available on GitHub

Adobe ColdFusion Vulnerability (CVE-2024-20767)
– Critical security flaw patched in March
– Enables unauthorized remote access to sensitive files
– Affects systems with exposed admin panels
– Over 145,000 ColdFusion servers potentially exposed
– Allows bypass of security measures and file system manipulation

Impact and Response
– Both vulnerabilities added to CISA’s Known Exploited Vulnerabilities catalog
– Federal agencies must comply with Binding Operational Directive (BOD) 22-01
– Private organizations strongly advised to implement patches
– Vulnerabilities represent significant risks to network security
– Multiple proof-of-concept exploits circulating online

Organizations are urged to prioritize these patches to protect against the ongoing attacks that target both vulnerabilities.
