Priya PatelTLDR:
- CISA has mandated that three Windows vulnerabilities be patched before October 1 to protect against active exploitation by threat actors.
- The vulnerabilities impact Microsoft Windows installer, Mark of the Web security, Windows Update, and Microsoft Publisher.
In response to Microsoft’s Patch Tuesday security updates, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring three Windows vulnerabilities to be patched before October 1. While the mandate currently applies to federal employees, CISA emphasizes that all organizations should take action to protect themselves against active exploitation by threat actors.
CISA has added four Microsoft vulnerabilities to the Known Exploited Vulnerabilities catalog, including a privilege escalation vulnerability in Windows installer, security bypass vulnerability in Mark of the Web, remote code execution vulnerability in Windows Update, and a security bypass vulnerability in Microsoft Publisher. These vulnerabilities are exploited by threat actors to gain unauthorized access to systems and should be addressed immediately.
Security experts warn that these vulnerabilities can lead to post-compromise activities, security warning manipulation, and exposure to unpatched vulnerabilities. It is crucial for organizations to prioritize the timely remediation of these vulnerabilities to reduce their exposure to cyberattacks. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria to ensure ongoing protection against threat actors.
