December 17, 2024

US government warns federal agencies to patch dangerous Windows kernel bug


  • CISA added two new flaws to its KEV catalog
  • One of the bugs affects the Windows kernel, the other one was found in an Adobe product
  • US government agencies ordered to patch now or risk attack

The US Cybersecurity and Infrastructure Agency (CISA) has added a new Windows flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a deadline to apply a patch, or stop using the software altogether.

The bug is a Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability with a high severity score of 7.8, tracked as CVE-2024-35250.

The bug can be used to gain system privileges in low-complexity attacks that don’t even require any user interaction.

Adobe ColdFusion

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in its advisory.

Since Microsoft did not share any further details about this vulnerability, the publication cited the DEVCORE Research team, who demonstrated how the bug works during this year’s Pwn2Own Vancouver hackathon. The same team reported the bug to Microsoft, which patched it in June’s Patch Tuesday cumulative update. A proof-of-concept (PoC) was released to GitHub a few months later.

When a vulnerability is added to KEV, that means that there is evidence of in-the-wild abuse. Federal agencies have a three-week deadline to apply the patch, or stop using the flawed software.

At the same time, CISA also added an Adobe ColdFusion vulnerability, tracked as CVE-2024-20767. This one is described as an improper access control weakness that grants unauthenticated remote threat actors the ability to read sensitive files. It affects ColdFusion versions 2023.6, 2021.12 and earlier, and has a high severity score of 7.4 – and Adobe patched it in March 2024.

“An attacker could leverage this vulnerability to access or modify restricted files,” reads the flaw’s description on CVE.org. “Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.”

CISA stressed that these types of vulnerabilities are “frequent attack vectors for malicious cyber actors” and as such pose a significant risk to the federal enterprise.

Agencies have until January 6, 2025 to apply the fixes.

Via BleepingComputer

This article is written by: Nermeen Nabil Khear Abdelmalak
