CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

October 23, 2024 at 09:55AM

A critical vulnerability in Microsoft SharePoint (CVE-2024-38094), which allows remote code execution by authenticated attackers, has been added to CISA’s KEV catalog. Patches were released in July 2024, and agencies must apply them by November 12, 2024. Meanwhile, a zero-day flaw in Samsung processors also poses exploitation risks.

### Meeting Takeaways – October 23, 2024

1. **High-Severity Vulnerability in Microsoft SharePoint**:
   - **CVE Identifier**: CVE-2024-38094 (CVSS Score: 7.2)
   - **Description**: Deserialization vulnerability that may lead to remote code execution.
   - **Exploitation**: Requires authenticated access with Site Owner permissions.
   - **Public Awareness**: Proof-of-concept (PoC) exploits available publicly.
   - **Required Action**: Federal Civilian Executive Branch (FCEB) agencies must apply patches by November 12, 2024, following the security update released in July 2024.

2. **Samsung Mobile Processor Vulnerability**:
   - **CVE Identifier**: CVE-2024-44068 (CVSS Score: 8.1)
   - **Impact**: Can be used as part of an exploit chain for privilege escalation.
   - **Exploitation**: Although not confirmed as exploited in the wild, the vulnerability is being used in a privilege escalation scenario targeting a process that interacts with the camera server.
   - **Patch Availability**: Addressed as of October 7, 2024.

3. **CISA Security Proposal**:
   - **New Requirements**: Enhance security measures to protect U.S. sensitive personal and government data.
   - **Vulnerability Remediation Timeframes**:
     - **Known Exploited Vulnerabilities**: Remediate within 14 days.
     - **Critical Vulnerabilities (no exploit)**: Remediate within 15 days.
     - **High-Severity Vulnerabilities (no exploit)**: Remediate within 30 days.
   - **Audit and Identity Management**: Organizations must maintain audit logs and establish identity management processes to control data access.

4. **Next Steps**:
   - Stay updated on these vulnerabilities and ensure patch compliance within the specified timelines.
   - Implement necessary changes to meet CISA’s security proposals.

### Action Items:
- Disseminate this information to relevant teams for immediate attention.
- Monitor updates from Microsoft and Samsung regarding further security measures.
- Review current systems to ensure compliance with CISA’s new security requirements.
