
CISA Adds Microsoft WSUS, Adobe Commerce, and Magento Open Source Flaws to Known Exploited Vulnerabilities Catalog

Urgent Security Alert: CISA Warns of Actively Exploited Flaws in Microsoft WSUS and Adobe Commerce

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three significant vulnerabilities affecting Microsoft and Adobe products to its Known Exploited Vulnerabilities (KEV) catalog. This designation is not a theoretical warning; it confirms that cyber attackers are actively exploiting these flaws in the wild. Organizations using the affected software must take immediate action to prevent compromise.

The advisory targets vulnerabilities in Microsoft Windows Server Update Services (WSUS) and the widely used e-commerce platforms Adobe Commerce and Magento Open Source. When a vulnerability is added to the KEV catalog, it serves as a crucial directive for federal agencies to patch their systems by a specific deadline, and a strong recommendation for all other organizations to do the same.

Microsoft WSUS Flaw Allows Full System Takeover

A severe elevation of privilege vulnerability in Microsoft’s Windows Server Update Services is among the newly listed threats. Tracked as CVE-2023-36428, this flaw can allow an attacker who has already gained initial access to a network to escalate their privileges to the SYSTEM level.

Here’s the breakdown of the threat:

  • Product Affected: Microsoft Windows Server Update Services (WSUS)
  • Vulnerability: Elevation of Privilege (CVE-2023-36428)
  • Impact: An attacker can place a malicious script on the local file system that the WSUS server then executes. This grants them SYSTEM-level privileges, effectively giving them complete control over the server. WSUS servers are a high-value target because they are used to manage and distribute updates across an entire network, making a compromise particularly dangerous.

Gaining control of a WSUS server could allow attackers to deploy malware across an organization’s network, intercept sensitive information, or disrupt critical operations.

Adobe Commerce and Magento Targeted by E-commerce Attacks

Two vulnerabilities impacting Adobe Commerce and Magento Open Source have also been added to the KEV catalog, posing a direct threat to online businesses. E-commerce platforms are prime targets due to the sensitive customer and payment data they handle.

The two actively exploited Adobe flaws are:

  1. Arbitrary File Read (CVE-2024-34102): This critical vulnerability allows an attacker to read arbitrary files from the server. This could expose sensitive configuration files, database credentials, customer data, and other confidential information that could be used for further attacks.
  2. Improper Input Validation (CVE-2022-24086): Though first disclosed in 2022, this flaw continues to be a weapon of choice for attackers. It allows for arbitrary code execution, meaning a malicious actor can run their own code on the server. This can lead to a complete takeover of an online store, enabling attackers to steal payment data, deface the website, or install persistent backdoors.

A successful exploit against an e-commerce platform can result in devastating financial losses, reputational damage, and regulatory fines.

What You Need to Do Now: Actionable Security Steps

The inclusion of these vulnerabilities in the CISA KEV catalog underscores the urgency of the situation. These are not potential risks; they are proven threats being used in active campaigns. All organizations must prioritize mitigation efforts immediately.

Follow these essential steps to protect your systems:

  • Prioritize Immediate Patching: This is the most critical step. Apply the security updates released by Microsoft and Adobe as soon as possible. Do not delay, as automated scanners are likely already searching for unpatched systems.
  • Review System Access: For the WSUS vulnerability, attackers need prior access to the local file system. Conduct a thorough review of user permissions and network access controls to enforce the principle of least privilege, limiting the potential for an initial breach.
  • Scan for Indicators of Compromise: If you are running affected versions of this software, scan your systems and network logs for any unusual activity that could indicate a compromise has already occurred. Look for unauthorized file modifications, unexpected network traffic, or new, unauthorized user accounts.
  • Maintain a Robust Patch Management Program: Use this alert as an opportunity to review your organization’s overall patch management strategy. Ensure you have a process for identifying critical vulnerabilities, testing patches, and deploying them in a timely manner across all systems.
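An added example, not taken from CISA or the original article: one way to turn KEV due dates into a patch queue by matching catalog entries against an asset inventory. The field names follow CISA's public KEV JSON feed; the dates, host names and keyword matching are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The CVE IDs are the
# ones named in this article; every date below is a placeholder, not the real one.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-36428", "vendorProject": "Microsoft",
   "product": "Windows Server Update Services (WSUS)",
   "dateAdded": "2000-01-03", "dueDate": "2000-01-24"},
  {"cveID": "CVE-2024-34102", "vendorProject": "Adobe",
   "product": "Commerce and Magento Open Source",
   "dateAdded": "2000-01-03", "dueDate": "2000-01-24"},
  {"cveID": "CVE-2022-24086", "vendorProject": "Adobe",
   "product": "Commerce and Magento Open Source",
   "dateAdded": "2000-01-10", "dueDate": "2000-01-31"}
]}
""")

# Hypothetical inventory: host -> keywords identifying the software it runs.
INVENTORY = {
    "wsus01": ["wsus"],
    "shop-web1": ["magento"],
    "hr-db": ["postgresql"],
}

def kev_findings(kev, inventory, today):
    """Return (days_left, host, cve) tuples, most urgent first."""
    findings = []
    for vuln in kev["vulnerabilities"]:
        product = vuln["product"].lower()
        due = date.fromisoformat(vuln["dueDate"])
        for host, keywords in inventory.items():
            # Crude substring match (assumption); real inventories should use CPE/SBOM data.
            if any(k in product for k in keywords):
                findings.append(((due - today).days, host, vuln["cveID"]))
    return sorted(findings)

def overdue(findings):
    """Hosts whose KEV due date has already passed."""
    return [(host, cve) for days, host, cve in findings if days < 0]

if __name__ == "__main__":
    for days, host, cve in kev_findings(SAMPLE_KEV, INVENTORY, date(2000, 1, 26)):
        status = "OVERDUE" if days < 0 else f"{days} days left"
        print(f"{host:10} {cve:15} {status}")
```
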

In today’s threat landscape, speed is essential. Waiting to patch known, exploited vulnerabilities is an open invitation to attackers. By taking swift and decisive action, you can protect your organization’s critical assets and maintain the trust of your customers.

Source: https://securityaffairs.com/183815/security/u-s-cisa-adds-microsoft-wsus-and-adobe-commerce-and-magento-open-source-flaws-to-its-known-exploited-vulnerabilities-catalog.html
