CISA Alerts on New Vulnerabilities Affecting JetBrains and Microsoft Windows
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog, adding two security flaws that it assesses as being under active exploitation. The new entries underscore a growing concern among cybersecurity professionals about vulnerabilities that pose significant risks to organizational infrastructure. In the same update, CISA removed five vulnerabilities from the KEV list because there was insufficient evidence of exploitation.
The vulnerabilities included in the recent update are CVE-2023-42793 and CVE-2023-28229. The first, CVE-2023-42793, carries a CVSS score of 9.8, indicating its critical nature. This flaw pertains to an authentication bypass vulnerability within JetBrains’ TeamCity, which enables attackers to execute code remotely. According to data gathered by GreyNoise, there have been attempts to exploit this vulnerability from 74 unique IP addresses, highlighting its active exploitation in the wild.
Meanwhile, CVE-2023-28229 is a high-severity vulnerability impacting the Microsoft Windows CNG Key Isolation Service, with a CVSS score of 7.0. This flaw allows an attacker to escalate privileges to gain limited SYSTEM access. Despite its severity, there are currently no public reports indicating exploitation in the wild. However, a proof-of-concept (PoC) is already available, suggesting that attackers may soon leverage this vulnerability.
Microsoft has classified CVE-2023-28229 as “Exploitation Less Likely.” The company patched the flaw as part of its April 2023 Patch Tuesday updates. Given the nature of CVE-2023-42793, organizations using JetBrains TeamCity are urged to evaluate their defenses and implement necessary updates without delay, as the active exploitation raises the stakes for vulnerable systems.
CISA’s decision to remove five vulnerabilities affecting Owl Labs Meeting Owl from its catalog reflects a cautious approach to security incident reporting, emphasizing the importance of concrete evidence when assessing risks. Among the flaws removed was CVE-2022-31460, which had been included in June 2022, along with four additional vulnerabilities added just last month.
As organizations become increasingly aware of these emerging threats, Federal Civilian Executive Branch (FCEB) agencies face a deadline of October 25, 2023, to apply all vendor-supplied patches to mitigate risks from these vulnerabilities. The urgency for these corrective measures underscores an ongoing commitment to network security amidst a landscape of evolving cyber threats.
In this context, the applicable techniques from the MITRE ATT&CK framework, such as initial access through exploitation of vulnerabilities, privilege escalation via misconfigurations, and execution through remote code execution methods, provide critical insights into how these vulnerabilities can be leveraged by adversaries. Business owners must remain vigilant and proactive in their cybersecurity measures to safeguard against such threats.