October 16, 2024 at 03:57PM
CISA added three vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog, including a critical SolarWinds flaw (CVE-2024-28987) caused by hardcoded credentials, which attackers are actively exploiting. Federal agencies must update by November 5, 2024. Additional flaws in Windows and Mozilla Firefox are also noted, with active exploitation confirmed.
### Meeting Takeaways
1. **New Vulnerabilities Added to CISA’s KEV Catalog**:
   - CISA has included three new flaws in its ‘Known Exploited Vulnerabilities’ (KEV) catalog, indicating active exploitation.
2. **Critical Vulnerability in SolarWinds Web Help Desk**:
   - **Flaw Details**:
     - **CVE-2024-28987** involves hardcoded credentials (username: “helpdeskIntegrationUser”, password: “dev-C4F8025E7”).
     - Allows remote, unauthenticated attackers to access WHD endpoints, enabling them to read and modify data.
   - **Vendor Response**:
     - SolarWinds released a hotfix shortly after the vulnerability was reported by researcher Zach Hanley. Users should update to WHD 12.8.3 Hotfix 2 or later.
   - **Deadline for Action**:
     - Federal agencies must update or discontinue use by **November 5, 2024**.
3. **Recommendations for System Administrators**:
   - Given the active exploitation status of CVE-2024-28987, immediate action is advised to secure WHD endpoints ahead of the formal deadline.
4. **Other Vulnerabilities**:
   - **Windows Kernel Flaw**:
     - Tracked as **CVE-2024-30088**. Exploited by OilRig (APT34) to elevate privileges on compromised devices. Addressed in the June 2024 Patch Tuesday.
   - **Mozilla Firefox Flaw**:
     - Tracked as **CVE-2024-9680**. Discovered by ESET; fixed by Mozilla within 25 hours. The exploit enables remote code execution through CSS animation timelines.
   - **Exploit Origin for Firefox Flaw**:
     - Malicious activity appears to originate from Russia, likely tied to espionage operations.
5. **Patching Deadline**:
   - Federal agencies are required to patch the Windows and Mozilla Firefox vulnerabilities by **November 5, 2024**.
Overall, timely updates and security measures are crucial in response to the identified vulnerabilities to prevent potential exploitation.