December 17, 2024

US government warns federal agencies to patch dangerous Windows kernel bug


  • CISA added two new flaws to its KEV catalog
  • One of the bugs affects the Windows kernel, the other one was found in an Adobe product
  • US government agencies ordered to patch now or risk attack

The US Cybersecurity and Infrastructure Agency (CISA) has added a new Windows flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a deadline to apply a patch, or stop using the software altogether.

The bug is a Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability with a high severity score of 7.8, tracked as CVE-2024-35250.

The bug can be used to gain system privileges in low-complexity attacks that don’t even require any user interaction.

Adobe ColdFusion

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in its advisory.

Since Microsoft did not share any further details about this vulnerability, the publication cited the DEVCORE Research team, who demonstrated how the bug works during this year’s Pwn2Own Vancouver hackathon. The same team reported the bug to Microsoft, who patched it in June’s Patch Tuesday cumulative update. A proof-of-concept (PoC) was released to GitHub a few months later.

When a vulnerability is added to KEV, that means that there is evidence of in-the-wild abuse. Federal agencies have a three-week deadline to apply the patch, or stop using the flawed software.

At the same time, CISA also added an Adobe ColdFusion vulnerability, tracked as CVE-2024-20767. This one is described as an improper access control weakness that grants unauthenticated remote threat actors the ability to read sensitive files. It affects ColdFusion versions 2023.6, 2021.12 and earlier, and has a high severity score of 7.4 – and Adobe patched it in March 2024.

“An attacker could leverage this vulnerability to access or modify restricted files,” reads the flaw’s description on CVE.org. “Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.”

CISA stressed that these types of vulnerabilities are “frequent attack vectors for malicious cyber actors” and as such pose a significant risk to the federal enterprise.

Agencies have until January 6, 2025 to apply the fixes.

Via BleepingComputer


This article is written by: Nermeen Nabil Khear Abdelmalak
