CISA warns of actively exploited Windows, Sophos, and Oracle bugs

November 17, 2023 at 09:15AM

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security flaws, affecting Microsoft Windows, a Sophos product, and an Oracle enterprise product, to its Known Exploited Vulnerabilities (KEV) catalog. CISA requires federal agencies to apply the available security updates or mitigations for these vulnerabilities by December 7. The three vulnerabilities are tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2020-2551. Both U.S. federal agencies and organizations worldwide should treat the catalog as an alert system for flaws under active exploitation and act on new entries promptly.

Key Takeaways:

1. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities, affecting Microsoft Windows, a Sophos product, and an Oracle enterprise product, to its Known Exploited Vulnerabilities (KEV) catalog.
2. The KEV catalog lists only vulnerabilities that CISA has confirmed are being exploited in the wild, so organizations should prioritize remediating these entries ahead of flaws that are merely rated severe.
3. CISA is requiring federal agencies to apply the available security updates or mitigations for the three vulnerabilities by December 7.
4. The vulnerabilities are tracked as follows:
– CVE-2023-36584: "Mark of the Web" (MotW) security feature bypass in Microsoft Windows. MotW is the zone tag Windows attaches to files downloaded from the internet; bypassing it lets a malicious file evade the SmartScreen and Protected View warnings that would otherwise apply.
– CVE-2023-1671: pre-authentication command injection vulnerability in Sophos Web Appliance allowing remote code execution (RCE).
– CVE-2020-2551: vulnerability in the WebLogic Server component of Oracle Fusion Middleware, described by Oracle only as "unspecified", that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic server. Oracle patched it in its January 2020 Critical Patch Update, so exposed servers have been missing a fix for almost four years.
5. Microsoft fixed CVE-2023-36584 in its October 2023 Patch Tuesday updates; at the time of CISA's addition, Microsoft's own advisory still did not list the flaw as exploited, so teams that track only the vendor's exploitation flag would have missed it.
6. The critical Sophos Web Appliance flaw (CVE-2023-1671) was fixed on April 4, 2023 in version 4.3.10.4; all earlier versions are affected.
7. Sophos Web Appliance has since reached end-of-life and no longer receives updates, so even a patched appliance will not be fixed against future flaws; Sophos has advised customers to migrate to Sophos Firewall web protection.
8. Although CISA's KEV deadlines are binding only on U.S. federal civilian agencies, organizations worldwide are advised to use the catalog as an alert system for exploited vulnerabilities and to apply vendor updates or recommended mitigations as entries are added.
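
One way to act on the "alert system" advice in practice is to diff every KEV release against an asset inventory and compute how far each affected host is from its remediation deadline. The script below is an added example, not code from the original article, CISA, or any vendor. The feed it parses is a constructed sample in the shape of CISA's public JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json): the field names match the live feed, but the text is paraphrased and only the three entries the article discusses are included. The inventory, the product alias table and the fixed-version table are assumptions for the example; the Sophos fixed version 4.3.10.4 and the December 7 due date come from the article.

```python
"""Match CISA KEV entries against an asset inventory and flag overdue hosts.

Added example; not code from the original article, CISA, or any vendor.
SAMPLE_KEV_JSON is a constructed sample in the shape of the real KEV feed.
INVENTORY, PRODUCT_ALIASES and FIXED_VERSIONS are assumptions for the example.
"""
import json
from datetime import date

# Constructed sample feed: field names match CISA's feed, text is paraphrased.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2023.11.16",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2023-36584", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass",
         "dateAdded": "2023-11-16", "dueDate": "2023-12-07",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-2023-1671", "vendorProject": "Sophos", "product": "Web Appliance",
         "vulnerabilityName": "Sophos Web Appliance Command Injection",
         "dateAdded": "2023-11-16", "dueDate": "2023-12-07",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-2020-2551", "vendorProject": "Oracle", "product": "Fusion Middleware",
         "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability (IIOP)",
         "dateAdded": "2023-11-16", "dueDate": "2023-12-07",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
    ],
})

# Assumed asset inventory; hostnames and versions are made up for the example.
INVENTORY = [
    {"host": "proxy-01", "vendor": "Sophos", "product": "Web Appliance",
     "version": "4.3.9.1", "end_of_life": True},
    {"host": "proxy-02", "vendor": "Sophos", "product": "Web Appliance",
     "version": "4.3.10.4", "end_of_life": True},
    {"host": "wls-prod", "vendor": "Oracle", "product": "WebLogic Server 12.2.1.3.0"},
    {"host": "ws-0042", "vendor": "Microsoft", "product": "Windows 11",
     "patched_cves": {"CVE-2023-36584"}},
    {"host": "ws-0043", "vendor": "Microsoft", "product": "Windows 10"},
]

# KEV names products loosely ("Fusion Middleware" covers WebLogic), so matching
# needs an alias table. Assumed mapping; extend it for your own estate.
PRODUCT_ALIASES = {"fusion middleware": ["weblogic"]}

# First fixed version per CVE where the fix is a discrete release rather than a
# cumulative update. Only the Sophos value (from the article) is known here.
FIXED_VERSIONS = {"CVE-2023-1671": "4.3.10.4"}


def version_tuple(v: str) -> tuple:
    """'4.3.10.4' -> (4, 3, 10, 4) so versions compare numerically, not as strings
    (as strings, '4.3.10.4' would sort *below* '4.3.9.1')."""
    return tuple(int(p) for p in v.split("."))


def is_fixed(asset: dict, cve: str) -> bool:
    """Fixed if the asset reports the CVE patched, or its version is at or above
    the known first-fixed release for that CVE."""
    if cve in asset.get("patched_cves", ()):
        return True
    fixed = FIXED_VERSIONS.get(cve)
    if fixed and asset.get("version"):
        return version_tuple(asset["version"]) >= version_tuple(fixed)
    return False


def matches(entry: dict, asset: dict) -> bool:
    """Vendor must match exactly; product matches by KEV name or an alias substring."""
    if entry["vendorProject"].lower() != asset["vendor"].lower():
        return False
    kev_product = entry["product"].lower()
    names = [kev_product] + PRODUCT_ALIASES.get(kev_product, [])
    return any(n in asset["product"].lower() for n in names)


def find_exposures(kev_json: str, inventory: list, today_iso: str) -> list:
    """Return one finding per (unfixed asset, KEV entry), soonest deadline first."""
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if not matches(entry, asset) or is_fixed(asset, entry["cveID"]):
                continue
            days_left = (due - today).days
            findings.append({
                "host": asset["host"], "cve": entry["cveID"], "due": entry["dueDate"],
                "days_left": days_left,
                "status": "OVERDUE" if days_left < 0 else "OPEN",
                # An EOL product cannot be patched forward; flag it for replacement.
                "end_of_life": asset.get("end_of_life", False),
                "action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in find_exposures(SAMPLE_KEV_JSON, INVENTORY, "2023-11-20"):
        eol = "  (end-of-life: plan replacement, not just patching)" if f["end_of_life"] else ""
        print(f'{f["status"]:8}{f["cve"]:16}{f["host"]:10} due {f["due"]} ({f["days_left"]:+d} days){eol}')
```

Two design points matter more than the code size: KEV product names are free text, so you need an alias table (or CPE matching) rather than exact string comparison, and version comparison must be numeric per component. Running against the real feed is a matter of replacing SAMPLE_KEV_JSON with the downloaded file; the inventory would come from your CMDB or vulnerability scanner.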