CISA Alerts People to Windows Vulnerabilities and Adobe ColdFusion Exploitation
CISA instructed government agencies to fix the vulnerabilities in their environments by early January 2025 and added them to its Known Exploited Vulnerabilities (KEV) list. CVE-2024-35250 is a high-severity kernel-mode driver vulnerability in Windows that an attacker might use to elevate privileges to SYSTEM.
In June 2024, Microsoft announced a patch for the vulnerability. Although the tech giant has not updated its advisory for CVE-2024-35250 to confirm in-the-wild attacks, the advisory does indicate that exploitation is likely. Microsoft credited DevCore's researchers for responsibly reporting the vulnerability. In late August, the company revealed that the vulnerability had been exploited at the Pwn2Own Vancouver 2024 hacking competition, where the DevCore team won $30,000 for using it.
A proof-of-concept (PoC) exploit appears to have been released in October. Since CVE-2024-35250 is a local privilege escalation vulnerability, attacks are likely to take advantage of it only after the attacker has already obtained access to the targeted system. Adobe addressed the ColdFusion vulnerability, tracked as CVE-2024-20767, in March 2024; it has now been added to CISA's KEV list. According to the software behemoth, it is a serious improper access control issue that permits "arbitrary file system read."
Shortly after the patch was released, technical details and a proof-of-concept exploit were made public, demonstrating how an attacker could use CVE-2024-20767 to alter restricted files and obtain unauthorized access to sensitive files. Notably, the vulnerability can be used to compromise internet-exposed ColdFusion instances without any user interaction.
It is unknown how many of the numerous internet-exposed ColdFusion servers are still susceptible. No prior reports of in-the-wild exploitation of these Windows and ColdFusion vulnerabilities appear to exist, and CISA has not disclosed any information about the attacks it is aware of. It's worth remembering, though, that vulnerabilities in ColdFusion and Windows are frequently exploited in the wild.
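As an added illustration of how a defender would act on a KEV addition like the two above (this is example code written for this page, not a CISA tool): the script below parses records in the shape of CISA's public KEV JSON feed, looks up the CVE IDs named in the article, computes remediation due dates, and ranks them by exposure. The feed field names (`cveID`, `product`, `dueDate`, and so on) are the real ones; the sample records, their dates, and the asset-exposure map are constructed placeholders, not values taken from the catalog.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the real feed; dates and descriptions are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "Constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft", "product": "Windows",
         "shortDescription": "Kernel-mode driver vulnerability allowing local privilege escalation (placeholder text)",
         "dateAdded": "2024-12-16", "dueDate": "2025-01-06", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-20767", "vendorProject": "Adobe", "product": "ColdFusion",
         "shortDescription": "Improper access control allowing arbitrary file system read (placeholder text)",
         "dateAdded": "2024-12-16", "dueDate": "2025-01-06", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory: whether the affected product is reachable from the
# internet in this (hypothetical) environment. Remote, no-interaction bugs on exposed
# hosts outrank local privilege escalations that need prior access.
SAMPLE_EXPOSURE = {"ColdFusion": True, "Windows": False}


def load_kev(json_text):
    """Return the list of vulnerability records from a KEV-format JSON document."""
    return json.loads(json_text)["vulnerabilities"]


def triage(records, cve_ids, today, exposure):
    """Map each requested CVE to its due date, days remaining, and a priority tier.

    Returns None for CVEs not present in the feed so the caller can tell
    'not yet catalogued' apart from 'catalogued and overdue'.
    """
    by_id = {r["cveID"]: r for r in records}
    result = {}
    for cve in cve_ids:
        rec = by_id.get(cve)
        if rec is None:
            result[cve] = None
            continue
        due = date.fromisoformat(rec["dueDate"])
        days_left = (due - today).days
        internet_facing = exposure.get(rec["product"], False)
        # P1: internet-exposed or overdue; P2: everything else on the KEV list.
        priority = "P1" if internet_facing or days_left < 0 else "P2"
        result[cve] = {
            "product": rec["product"],
            "due": due,
            "days_left": days_left,
            "overdue": days_left < 0,
            "internet_facing": internet_facing,
            "priority": priority,
        }
    return result


def report(plan):
    """Render the triage plan as sorted text lines, P1 first, then soonest due."""
    rows = [(cve, info) for cve, info in plan.items() if info is not None]
    rows.sort(key=lambda kv: (kv[1]["priority"], kv[1]["due"]))
    lines = [f"{kv[1]['priority']} {kv[0]} {kv[1]['product']} due {kv[1]['due']} "
             f"({kv[1]['days_left']} days left)" for kv in rows]
    lines += [f"-- {cve} not in KEV feed" for cve, info in plan.items() if info is None]
    return lines


if __name__ == "__main__":
    records = load_kev(SAMPLE_KEV_JSON)
    plan = triage(records, ["CVE-2024-35250", "CVE-2024-20767"], date(2024, 12, 20), SAMPLE_EXPOSURE)
    print("\n".join(report(plan)))
```

In practice the feed is fetched from CISA and the exposure map comes from the asset inventory; the logic that matters is that a catalogued CVE on an internet-facing product is handled first, and anything past its KEV due date is escalated regardless of exposure.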