The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of Known Exploited Vulnerabilities (KEV) with two new threats. One affects ConnectWise, a remote management platform, and the other affects the Windows operating system. Both flaws allow attackers to remotely access critical systems, a risk that should not be ignored.
Technical details of the vulnerabilities added to the KEV 🔥
The first vulnerability, in ConnectWise, allows remote code execution through poor authentication. The second, in Windows, is a kernel privilege escalation flaw already being exploited in active campaigns. CISA recommends applying available patches immediately, as both attack vectors are accessible to actors with medium resources. There is no technical excuse to delay the update.
The Windows patch: that update you always put off ⏰
And while system administrators juggle a thousand tasks, cybercriminals already have their coffee ready to exploit these holes. It's like leaving the front door open and hoping no one comes in to steal the TV. The worst part is that the Windows patch has been available for weeks; you just need to click update. But hey, surely that reboot would have ruined your current game session.