The Information Highway

CISA warns of actively exploited Windows, Sophos, and Oracle bugs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security issues to its Known Exploited Vulnerabilities (KEV) catalog: one affecting Microsoft Windows, one affecting a Sophos product, and one affecting an enterprise solution from Oracle.

The KEV catalog lists flaws confirmed to be exploited by attackers in the wild and serves as a repository of vulnerabilities that organizations everywhere should treat as a patching priority.

The agency is urging federal agencies to apply available security updates for the three issues before December 7. The three vulnerabilities are tracked as follows:

  • CVE-2023-36584 – "Mark of the Web" (MotW) security feature bypass on Microsoft Windows.
  • CVE-2023-1671 – Command injection vulnerability in Sophos Web Appliance allowing remote code execution (RCE).
  • CVE-2020-2551 – Unspecified vulnerability in Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via IIOP to compromise the WebLogic server.

Microsoft addressed CVE-2023-36584 in the October 2023 Patch Tuesday bundle of security updates. However, it was not flagged as actively exploited in the disclosure, and at the time of writing it is still marked as not exploited.

The critical flaw in Sophos Web Appliance, tracked as CVE-2023-1671 and fixed on April 4, 2023, has a severity score of 9.8. It can lead to remote code execution (RCE) and affects versions of the software before 4.3.10.4.

It is worth noting that Sophos Web Appliance reached end-of-life on July 20 and no longer receives updates of any kind. The company has told customers to migrate to Sophos Firewall web protection.

Although CISA's KEV catalog is mainly aimed at U.S. federal agencies, companies across the world are advised to use it as an alert system for exploited vulnerabilities and to take the necessary steps to update their systems or apply vendor-recommended mitigations.
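One practical way to use the catalog as an alert system, as the paragraph above suggests, is to cross-reference the KEV JSON feed against an asset inventory and sort the matches by CISA due date. The following script is an added example written for this page, not code from CISA, Sophos, Microsoft or Oracle. It embeds a hand-written KEV sample (field names follow the real feed; the CVE IDs and the December 7 due date come from the article, the `dateAdded` values and descriptions are constructed), a constructed inventory, and a `FIXED_VERSIONS` table that only records the Sophos fix version the article states (4.3.10.4), since the KEV feed itself carries no affected-version ranges. It also shows why a numeric version comparison is needed: comparing version strings lexically would wrongly rate 4.3.9.1 as newer than 4.3.10.4.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Field names match
# the real feed; the records are hand-written for this example (only the CVE
# IDs and the 2023-12-07 due date are taken from the article).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2023-36584", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Mark of the Web security feature bypass",
         "dateAdded": "2023-11-16", "dueDate": "2023-12-07",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-1671", "vendorProject": "Sophos", "product": "Web Appliance",
         "vulnerabilityName": "Command injection",
         "dateAdded": "2023-11-16", "dueDate": "2023-12-07",
         "requiredAction": "Product is end-of-life; migrate per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2020-2551", "vendorProject": "Oracle", "product": "Fusion Middleware",
         "vulnerabilityName": "IIOP unspecified vulnerability",
         "dateAdded": "2023-11-16", "dueDate": "2023-12-07",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory: one row per installed product instance.
SAMPLE_INVENTORY = [
    {"host": "web-proxy-01", "vendor": "Sophos", "product": "Web Appliance", "version": "4.3.9.1"},
    {"host": "web-proxy-02", "vendor": "Sophos", "product": "Web Appliance", "version": "4.3.10.4"},
    {"host": "erp-app-01", "vendor": "Oracle", "product": "Fusion Middleware", "version": "12.2.1.4"},
    {"host": "ws-finance-17", "vendor": "Microsoft", "product": "Windows", "version": "10.0.19045"},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL", "version": "15.4"},
]

# First fixed version per CVE, where known. The article states 4.3.10.4 for the
# Sophos flaw; KEV has no version data, so CVEs missing here are treated as
# applying to every inventory row for that vendor/product.
FIXED_VERSIONS = {"CVE-2023-1671": "4.3.10.4"}


def parse_version(text):
    """Split a dotted version into a tuple of ints so that 4.3.9.1 < 4.3.10.4.
    Plain string comparison gets this wrong ('4.3.9.1' > '4.3.10.4')."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable_version(version, fixed):
    """True when the installed version is older than the first fixed version."""
    return parse_version(version) < parse_version(fixed)


def load_kev(text):
    """Parse the KEV feed body and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def find_applicable(kev_entries, inventory, fixed_versions=FIXED_VERSIONS):
    """Return (host, cveID, dueDate) for every inventory row a KEV entry applies to."""
    hits = []
    for entry in kev_entries:
        fixed = fixed_versions.get(entry["cveID"])
        for asset in inventory:
            if asset["vendor"].lower() != entry["vendorProject"].lower():
                continue
            if asset["product"].lower() != entry["product"].lower():
                continue
            # Skip rows already at or past the fix version, when one is known.
            if fixed and not is_vulnerable_version(asset["version"], fixed):
                continue
            hits.append((asset["host"], entry["cveID"], entry["dueDate"]))
    return hits


def prioritise(hits, today_iso):
    """Sort hits by days left until the CISA due date (negative means overdue)."""
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cve, due in hits:
        remaining = (date.fromisoformat(due) - today).days
        rows.append({"host": host, "cveID": cve, "dueDate": due, "days_left": remaining})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"]))


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for row in prioritise(find_applicable(kev, SAMPLE_INVENTORY), "2023-11-20"):
        status = "OVERDUE" if row["days_left"] < 0 else f"{row['days_left']}d left"
        print(f"{row['host']:14} {row['cveID']:15} due {row['dueDate']} ({status})")
```

Run against the live feed, `SAMPLE_KEV_JSON` would be replaced by the downloaded body of the CISA KEV JSON file and `SAMPLE_INVENTORY` by an export from the CMDB; the vendor and product matching is deliberately exact-string so that a mismatch in naming shows up as a missed host rather than a false match, which is the safer failure mode to tune against.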

A Sophos spokesperson has reached out to share the following clarification about CVE-2023-1671:

More than six months ago, on April 4, 2023, we released an automatic patch to all Sophos Web Appliances, as noted in the Security Advisory on our Trust Center, and in July 2023, we've phased out Sophos Web Appliance as previously planned.

We appreciate CISA's notice for any of the small number of remaining Sophos Web Appliance users who turned off auto-patch and/or missed our ongoing updates, and recommend they upgrade to Sophos Firewall for optimal network security moving forward.

by Sophos