Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities, exploited as zero-day vulnerabilities, to its KEV (Known Exploited Vulnerabilities) catalog. The vulnerabilities affect Windows and iOS devices.
New Vulnerabilities Discovered
As also mentioned by BleepingComputer, two of the vulnerabilities that impact Microsoft products are CVE-2023-21823, which allows attackers to gain remote execution, and CVE-2023-23376 respectively, that allows attackers to escalate privileges.
A third flaw, CVE-2023-21715, allows malicious payloads to be delivered through untrusted files by getting around Microsoft Office macro rules.
The fourth and final vulnerability was fixed by Apple on Monday and was tagged as actively exploited. Known as CVE-2023-23529, the vulnerability is a WebKit-type confusion issue, that could potentially lead to arbitrary code execution.
All three vulnerabilities were patched earlier this week by Microsoft as part of the February 2023 Patch Tuesday and were classified as zero-day vulnerabilities, that were exploited before the patch was available.
The WebKit zero-day addressed by Apple affects both older and newer generations of hardware, including all iPad Pro models, Macs running macOS Sierra, iPhone 8 and later, and more.
Federal Agencies Advised to Patch Soon
CISA has given federal agencies until March 7th to patch the four vulnerabilities. The cybersecurity agency strongly advises all organizations to address the security flaws to thwart any attempts to infiltrate their Windows or iOS devices, even though the instruction only applies to U.S. federal entities.
Since the binding operational directive (BOD 22-01) was issued, all Federal Civilian Executive Branch Agencies (FCEB) are required to secure their systems according to the vulnerabilities present in CISA’s KEV catalog.
To keep your organization up-to-date with the latest Windows, Linux OS, or other third-party patches, Heimdal®’s fully automated, customizable, and remote Patch & Asset Management solution is a viable option for you.
Heimdal® Patch & Asset Management Software
- Schedule updates at your convenience;
- See any software assets in inventory;
- Global deployment and LAN P2P;
- And much more than we can fit in here...
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
