CISA warns of Windows bug exploited in ransomware attacks

June 14, 2024 at 12:42PM

CISA added a high-severity Windows vulnerability (CVE-2024-26169) to its list of actively exploited bugs. It allows attackers to gain SYSTEM permissions without user interaction. Microsoft patched it on March 12, 2024, but the Black Basta ransomware gang likely exploited it as a zero-day. FCEB agencies have three weeks to secure vulnerable systems.

Key takeaways:

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a high-severity Windows vulnerability, tracked as CVE-2024-26169, in its list of actively exploited security bugs. This flaw allows local attackers to gain SYSTEM permissions without user interaction.

– Microsoft addressed the vulnerability in its March 12, 2024, Patch Tuesday updates, but has yet to classify it as actively exploited in attacks.

– Symantec security researchers found evidence linking the Black Basta ransomware gang to attacks exploiting the CVE-2024-26169 vulnerability. The group likely had a working exploit for 14 to 85 days before Microsoft released security updates to address the flaw.

– CISA has given Federal Civilian Executive Branch (FCEB) agencies three weeks, until July 4, to patch the CVE-2024-26169 vulnerability to prevent potential ransomware attacks.

– The Black Basta ransomware, which emerged as a Ransomware-as-a-Service (RaaS) operation in April 2022, has targeted numerous high-profile victims and collected at least $100 million in ransom payments up to November 2023.

It is imperative for FCEB agencies and other organizations to prioritize fixing the CVE-2024-26169 vulnerability to mitigate the risk of potential ransomware attacks.
