Critical Android and Windows Bugs Identified by CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has named three different vulnerabilities, including a Windows Error Reporting issue.

The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has added new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities affect devices running Android, Windows, and Progress Telerik Report Server, and have been actively targeted by cybercriminals.

Newly Listed Vulnerabilities

The new entries are CVE-2024-32896, CVE-2024-26169, and CVE-2024-4358. CVE-2024-32896 impacts Pixel Firmware, providing a route for attackers to elevate privileges using a zero-day exploit. CVE-2024-26169 affects the Microsoft Windows Error Reporting Service, allowing adversaries to obtain SYSTEM privileges. CVE-2024-4358 is an authentication bypass in Telerik Report Server, which permits unauthorized access to restricted features.

Federal Civilian Executive Branch (FCEB) agencies must address these new flaws by July 4, 2024, in line with Binding Operational Directive (BOD) 22-01. The goal is to shield federal networks from potential threats exploiting these vulnerabilities. CISA underscores the need for rapid action to mitigate risks.

CISA urges private organizations to review the KEV catalog and resolve the listed vulnerabilities within their systems. Taking proactive steps to enhance network security is crucial. The agency highlights the necessity of updating systems and applying relevant patches to maintain strong defenses against potential cyber exploits.

Binding Operational Directive (BOD) 22-01, titled “Reducing the Significant Risk of Known Exploited Vulnerabilities,” created the Known Exploited Vulnerabilities Catalog. The directive requires FCEB agencies to remediate listed vulnerabilities by specific deadlines to secure their networks from ongoing threats.

Source: CISA
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
