February 2024 was yet another intense month in the world of cybersecurity, marked by a flurry of active exploitations and vulnerability disclosures across various software and systems.
As threat actors continue to evolve their tactics, organizations and individuals must remain vigilant in safeguarding their digital assets. Here's a recap of the notable events and vulnerabilities that dominated headlines during this month.
a) Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities: Security agencies from the Five Eyes alliance issued a warning regarding active exploitation of vulnerabilities present in Ivanti Gateway.
b) Active Exploitation of Multiple Vulnerabilities in ConnectWise ScreenConnect Software: ConnectWise ScreenConnect Software faced active exploitation of multiple vulnerabilities.
c) CISA Warns of Fortinet Bug Likely Being Exploited in the Wild: The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning regarding a Fortinet bug that is suspected of being exploited in the wild.
d) Over 28,500 Exchange Servers Vulnerable to Actively Exploited Bug: A significant number of Exchange servers were found vulnerable to an actively exploited bug, posing a severe risk to organizations' email communication infrastructure.
e) New Outlook 0-day RCE Flaw Exploited in the Wild: A new zero-day Remote Code Execution (RCE) flaw in Outlook was discovered being exploited in the wild, raising concerns about the security of email clients.
f) Microsoft's Patch Tuesday Fixes Two Actively Exploited Vulnerabilities: Microsoft's regular Patch Tuesday addressed two actively exploited vulnerabilities.
g) CISA Warns of Active Exploitation of Apple iOS and macOS Vulnerability: CISA issued a warning regarding active exploitation of vulnerabilities in Apple iOS and macOS systems.
Among the priority CVEs identified by CISA, several vulnerabilities were actively exploited by threat actors during February. These include:
1. Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
2. ConnectWise ScreenConnect Authentication Bypass Vulnerability
3. Cisco ASA and FTD Information Disclosure Vulnerability
4. Microsoft Exchange Server Privilege Escalation Vulnerability
5. Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
6. Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
7. Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
8. Fortinet FortiOS Out-of-Bound Write Vulnerability
Two priority CVEs identified by CISA are also known to be utilized in ransomware campaigns. These are:
a) Cisco ASA and FTD Information Disclosure Vulnerability
b) Microsoft Exchange Server Privilege Escalation Vulnerability
Organizations should prioritize patching these vulnerabilities to mitigate the risk of falling victim to ransomware attacks, which can have devastating consequences for business operations and data security.
Author: Hackerstorm.com