www.bleepingcomputer.com
104.20.60.209

URL: https://www.bleepingcomputer.com/news/security/cisa-adds-7-vulnerabilities-to-list-of-bugs-exploited-in-attacks/
Submission: On April 26 via api from US — Scanned from DE

CISA ADDS 7 VULNERABILITIES TO LIST OF BUGS EXPLOITED IN ATTACKS

By LAWRENCE ABRAMS

 * April 25, 2022
 * 08:03 PM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added
seven vulnerabilities to its list of actively exploited security issues,
including those from Microsoft, Linux, and Jenkins.

The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities known
to be actively exploited in cyberattacks and required to be patched by Federal
Civilian Executive Branch (FCEB) agencies.

"Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of
Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities
Catalog as a living list of known CVEs that carry significant risk to the
federal enterprise," explains CISA.

"BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the
due date to protect FCEB networks against active threats. See the BOD 22-01 Fact
Sheet for more information."

"The vulnerabilities listed in the catalog allow threat actors to perform a
variety of attacks, including stealing credentials, gaining access to networks,
remotely executing commands, downloading and executing malware, or stealing
information from devices."

With the addition of these seven vulnerabilities, the catalog now contains 654
vulnerabilities, including the date that federal agencies must apply the
associated patches and security updates.

The seven new vulnerabilities added this week are listed below, with CISA
requiring all of them to be patched by May 16th, 2022.

| CVE Number | Vulnerability Title | Due Date |
|---|---|---|
| CVE-2022-29464 | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability | 2022-05-16 |
| CVE-2022-26904 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | 2022-05-16 |
| CVE-2022-21919 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | 2022-05-16 |
| CVE-2022-0847 | Linux Kernel Privilege Escalation Vulnerability | 2022-05-16 |
| CVE-2021-41357 | Microsoft Win32k Privilege Escalation Vulnerability | 2022-05-16 |
| CVE-2021-40450 | Microsoft Win32k Privilege Escalation Vulnerability | 2022-05-16 |
| CVE-2019-1003029 | Jenkins Script Security Plugin Sandbox Bypass Vulnerability | 2022-05-16 |


HOW ARE THESE BUGS USED IN ATTACKS?

While it's helpful to know that a bug is exploited, it is even more helpful to
understand how these bugs are actively being used in attacks.

The WSO2 vulnerability tracked as CVE-2022-29464 was disclosed on April 18th,
2022, and a few days after, a public exploit was released. Rapid7 researchers
soon saw the public PoC used in attacks to deploy web shells and coinminers.

The Windows 'User Profile Service Privilege Escalation' vulnerabilities tracked
as CVE-2022-21919 and CVE-2022-26904 were both discovered by Abdelhamid Naceri
and are subsequent bypasses of the original CVE-2021-34484 vulnerability fixed
in August 2021. All of these vulnerabilities have had public PoC exploits
disclosed, and BleepingComputer has been told that ransomware gangs use them to
spread laterally through a Windows domain.

The Linux privilege escalation vulnerability known as 'DirtyPipe' is tracked as
CVE-2022-0847 and was disclosed in March 2022. Soon after its disclosure,
numerous proof-of-concept exploits were released, allowing users to gain root
privileges quickly, as illustrated below.

Demonstration of the CVE-2022-0847 Dirty Pipe vulnerability
Source: BleepingComputer

The CVE-2021-40450 and CVE-2021-41357 'Microsoft Win32k Privilege Escalation'
vulnerabilities were patched in October 2021 and are an interesting addition to
the list, as there is no public mention of these being exploited in the wild.

Finally, the oldest vulnerability is the 'Jenkins Script Security Plugin Sandbox
Bypass' bug tracked as CVE-2019-1003029, which has been used in the past by the
Capoae Malware to deploy XMRig cryptominers.

It is strongly recommended that all security professionals and admins review
the Known Exploited Vulnerabilities Catalog and patch any listed
vulnerabilities within their environment.



LAWRENCE ABRAMS

Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com.
Lawrence's area of expertise includes Windows, malware removal, and computer
forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation,
Recovery, and Administration Field Guide and the technical editor for Rootkits
for Dummies.