Active Enterprise Exploits in the Wild

CISA has added thirteen new vulnerabilities to its list of known exploited vulnerabilities, which should be patched as soon as possible, and I have included some critical patches from Microsoft. Everything below is based on evidence that threat actors are actively exploiting the vulnerabilities listed.

Vulnerabilities of this type can be a frequent attack vector for malicious actors. Regular patch update cycles should already be part of your organization's playbook for mitigating risk.

How do you handle emergency vs. regular patch cycles? Do you have a process built to quickly address critical CVEs?

Microsoft Updates
CVE-2021-43890: This Windows AppX Installer spoofing zero-day vulnerability is publicly known and under exploitation by the Emotet, Trickbot, and Bazaloader malware families.
CVE-2021-41333: This Windows Print Spooler elevation of privilege vulnerability has been made public and has low attack complexity.
CVE-2021-43880: This security flaw is described as a Windows Mobile Device Management elevation of privilege (EoP) vulnerability that allows local attackers to delete targeted files on a system.
CVE-2021-43893: Reported by Google Project Zero, this issue is described by Microsoft as an EoP in the Windows Encrypting File System (EFS).
CVE-2021-43240: NTFS Set Short Name elevation of privilege bug; proof-of-concept exploit code is available and the issue is publicly known.
CVE-2021-43883: NTFS Set Short Name elevation of privilege bug; proof-of-concept exploit code is available and the issue is publicly known.
CISA Vulnerability List
CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
CVE-2021-44515: Zoho Corp. Desktop Central Authentication Bypass Vulnerability
CVE-2021-44168: Fortinet FortiOS Arbitrary File Download Vulnerability
CVE-2021-35394: Realtek Jungle SDK Remote Code Execution Vulnerability
CVE-2020-8816: Pi-Hole AdminLTE Remote Code Execution Vulnerability
CVE-2020-17463: Fuel CMS SQL Injection Vulnerability
CVE-2019-7238: Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
CVE-2019-13272: Linux Kernel Improper Privilege Management Vulnerability
CVE-2019-10758: MongoDB mongo-express Remote Code Execution Vulnerability
CVE-2019-0193: Apache Solr DataImportHandler Code Injection Vulnerability
CVE-2017-17562: Embedthis GoAhead Remote Code Execution Vulnerability
CVE-2017-12149: Red Hat JBoss Application Server Remote Code Execution Vulnerability
CVE-2010-1871: Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability