On December 17, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
The first vulnerability, CVE-2024-35250, is a privilege escalation flaw in a Windows kernel-mode driver that threat actors can exploit to gain SYSTEM-level privileges. Because it requires local access, it is likely to be leveraged only after a threat actor has already gained initial access to a vulnerable host, for example through phishing or a separate remote-code-execution flaw.
CVE-2024-35250 was publicly disclosed by security researchers and patched by Microsoft in June 2024. Proof-of-concept (PoC) exploit code was released in October 2024; it is unclear whether that PoC is involved in the exploitation activity CISA has warned about.
The second vulnerability, CVE-2024-20767, is a critical improper access control flaw in Adobe ColdFusion that could allow threat actors to read restricted files on the server. Unlike CVE-2024-35250, it can be exploited remotely against Internet-exposed ColdFusion servers with no user interaction.
Adobe patched CVE-2024-20767 in March 2024 (APSB24-14; fixed in ColdFusion 2023 Update 7 and ColdFusion 2021 Update 13). Shortly after, researchers released technical details and PoC exploit code.
CISA has ordered federal agencies to patch both flaws by January 6, 2025.
Source: SecurityWeek
Analysis
According to the FOFA Internet asset search engine, approximately 206,000 Internet-exposed instances of Adobe ColdFusion are deployed worldwide, most of them in the U.S. (115,000) and Canada (18,000). Not all of these instances are vulnerable to CVE-2024-20767, but they still represent a large attack surface, and because the flaw needs no user interaction, an exposed unpatched server can be exploited by simple scanning.
The recent exploitation of these months-old vulnerabilities highlights the importance of patching vulnerable devices and software within a reasonable timeframe: both flaws had public patches and public PoC code for months before CISA confirmed in-the-wild exploitation.
Mitigation
Field Effect Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in widely deployed software such as Windows and Adobe ColdFusion. Field Effect MDR users are automatically notified if a vulnerable version of the software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends that Windows and Adobe ColdFusion users update to the latest versions as soon as possible, prioritizing Internet-exposed ColdFusion servers, since CVE-2024-20767 can be exploited remotely without user interaction.
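One way to operationalize the two points above (tracking the KEV due date and confirming which ColdFusion builds are actually at a fixed update level) is to match KEV entries against a software inventory. The script below is an added example written for this advisory; it is not Field Effect or CISA code. The record fields (cveID, vendorProject, product, dateAdded, dueDate) follow the public CISA KEV JSON feed, but the records, hostnames and inventory are constructed, and the ColdFusion version check assumes the APSB24-14 fix levels (2023 Update 7, 2021 Update 13) and treats out-of-support majors as unpatched. Windows hosts have no version check here, so they are reported for review rather than confirmed vulnerable.

```python
"""Match CISA KEV entries against a software inventory and flag what must be patched by the due date.

Added example for this advisory, not Field Effect or CISA code. KEV field names
follow CISA's public JSON feed; the records, hostnames and inventory below are
constructed. The ColdFusion check assumes Adobe's APSB24-14 fix levels.
"""
from datetime import date

# Constructed KEV-style records for the two CVEs in this advisory.
KEV_SAMPLE = {
    "vulnerabilities": [
        {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2024-12-17", "dueDate": "2025-01-06"},
        {"cveID": "CVE-2024-20767", "vendorProject": "Adobe", "product": "ColdFusion",
         "dateAdded": "2024-12-17", "dueDate": "2025-01-06"},
    ]
}

# Constructed inventory: (hostname, vendor, product, version, internet_exposed).
INVENTORY = [
    ("cf-web-01", "Adobe", "ColdFusion", "2023.0.06.330617", True),
    ("cf-web-02", "Adobe", "ColdFusion", "2023.0.07.330617", True),
    ("cf-legacy", "Adobe", "ColdFusion", "2021.0.12.330617", False),
    ("cf-old", "Adobe", "ColdFusion", "2018.0.19.314546", True),
    ("ws-101", "Microsoft", "Windows", "10.0.19045.4529", False),
    ("db-01", "PostgreSQL", "PostgreSQL", "16.1", False),
]

# First fixed update level per supported ColdFusion major (assumption: APSB24-14).
CF_FIXED_UPDATE = {2023: 7, 2021: 13}


def parse_coldfusion_version(version):
    """Return (major, update). ColdFusion shows versions as "2023,0,07,330617" in
    the administrator and "2023.0.07.330617" elsewhere; both separators are accepted."""
    parts = version.replace(",", ".").split(".")
    if len(parts) < 3:
        raise ValueError(f"unexpected ColdFusion version: {version!r}")
    return int(parts[0]), int(parts[2])


def coldfusion_vulnerable_cve_2024_20767(version):
    """True if this ColdFusion build predates the fix for CVE-2024-20767."""
    major, update = parse_coldfusion_version(version)
    if major not in CF_FIXED_UPDATE:
        return True  # out-of-support major: no fix was published for it
    return update < CF_FIXED_UPDATE[major]


# Per-CVE version checks; a CVE without one is reported for manual review.
VERSION_CHECKS = {"CVE-2024-20767": coldfusion_vulnerable_cve_2024_20767}


def _as_date(today):
    return date.fromisoformat(today) if isinstance(today, str) else today


def days_until_due(record, today):
    """Days left until the KEV due date; negative means the deadline was missed."""
    return (date.fromisoformat(record["dueDate"]) - _as_date(today)).days


def match_inventory(kev, inventory, today):
    """Return one finding per inventory item that matches a KEV entry and is not
    confirmed patched, Internet-exposed hosts first, then by time to due date."""
    by_product = {}
    for rec in kev["vulnerabilities"]:
        key = (rec["vendorProject"].lower(), rec["product"].lower())
        by_product.setdefault(key, []).append(rec)
    findings = []
    for host, vendor, product, version, exposed in inventory:
        for rec in by_product.get((vendor.lower(), product.lower()), []):
            check = VERSION_CHECKS.get(rec["cveID"])
            verdict = check(version) if check else None
            if verdict is False:
                continue  # confirmed at or above the fixed level
            findings.append({
                "host": host, "cve": rec["cveID"], "version": version,
                "internet_exposed": exposed,
                "status": "vulnerable" if verdict else "review",
                "days_until_due": days_until_due(rec, today),
            })
    findings.sort(key=lambda f: (not f["internet_exposed"], f["days_until_due"], f["host"]))
    return findings


if __name__ == "__main__":
    for finding in match_inventory(KEV_SAMPLE, INVENTORY, "2024-12-20"):
        print(finding)
```

Run against the live feed by replacing KEV_SAMPLE with the parsed JSON from CISA's known_exploited_vulnerabilities.json and INVENTORY with your asset data; the ordering puts Internet-exposed ColdFusion hosts at the top, which is where remote exploitation of CVE-2024-20767 would land first.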