CISA Issues Urgent Warning for New Vulnerabilities in F5 and Microsoft Products
By VELSICURO
30 October 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent security advisory highlighting several new vulnerabilities found in popular products from F5 and Microsoft. The warning calls for immediate action from system administrators to apply patches to prevent exploitation by threat actors.

These vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. This addition signifies that CISA has strong evidence that these security flaws are currently being actively exploited "in the wild" by hackers.

In accordance with the Binding Operational Directive (BOD), all U.S. federal agencies are required to patch KEV-listed vulnerabilities within a specified timeframe. CISA also strongly urges all organizations in the private and public sectors to prioritize these patches.

Critical F5 Vulnerability

The CISA advisory highlights a critical flaw in the F5 BIG-IP product line. F5 devices are application delivery controllers that large enterprises and government agencies often use to manage application traffic.

The exploited vulnerability reportedly allows an attacker to perform Remote Code Execution (RCE). An RCE flaw on an internet-facing device like an F5 is extremely dangerous as it can give an attacker complete control over the affected system, potentially serving as an entry point to infiltrate deeper into an organization's internal network.

Microsoft Security Flaws

In addition to F5, the warning also covers significant vulnerabilities in several Microsoft products, including those related to the Windows Kernel and other core infrastructure services.

One of the highlighted vulnerabilities is a privilege escalation flaw. This type of flaw allows an attacker who has already gained initial (limited) access to a system to elevate their access rights to those of an administrator. With admin rights, an attacker can disable security software, steal sensitive data, and deploy malware like ransomware across the network.

A Call for Immediate Action

The addition of the F5 and Microsoft vulnerabilities to the KEV list indicates a high and urgent level of risk. Hackers often scan the internet en masse for unpatched systems immediately after a vulnerability is announced.

CISA urges all organizations to:

  1. Review the security bulletins released by F5 and Microsoft.

  2. Identify vulnerable assets on their network.

  3. Apply the relevant security updates as soon as possible, without waiting for a regular patching cycle.

Further technical information and the full list of vulnerabilities can be found on CISA's official site at cisa.gov/news-events/cybersecurity-advisories.
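
One way to carry out steps 2 and 3 above is to match an asset inventory against KEV entries and order the results by urgency. This is an added example, not code from CISA or from the original article: the inventory format, host names and the `load_kev` and `triage` helpers are hypothetical, and the KEV entries are constructed samples with placeholder CVE IDs and dates that use the catalog's JSON field names.

```python
import json
from datetime import date

# Constructed sample using the KEV catalog's JSON field names.
# CVE IDs and dates are placeholders, not real catalog entries.
KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-0000-0001", "vendorProject": "F5", "product": "BIG-IP", "dueDate": "2025-11-05"},
 {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Windows", "dueDate": "2025-11-04"},
 {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "ExampleApp", "dueDate": "2025-10-22"}
]}"""

# Hypothetical asset inventory; "patched" holds CVE IDs already remediated on the host.
INVENTORY = [
    {"host": "lb-edge-01", "vendor": "F5", "product": "BIG-IP", "internet_facing": True, "patched": set()},
    {"host": "ws-0142", "vendor": "Microsoft", "product": "Windows", "internet_facing": False, "patched": set()},
    {"host": "srv-file-02", "vendor": "Microsoft", "product": "Windows", "internet_facing": False, "patched": {"CVE-0000-0002"}},
]

def load_kev(text):
    """Parse catalog JSON and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]

def triage(kev_entries, inventory, today):
    """Return unpatched (host, KEV entry) matches, most urgent first.

    Matching is by vendor and product name only, so each hit is a candidate
    that still needs its version checked against the vendor bulletin.
    """
    findings = []
    for asset in inventory:
        for v in kev_entries:
            same = (v["vendorProject"].lower() == asset["vendor"].lower()
                    and v["product"].lower() == asset["product"].lower())
            if not same or v["cveID"] in asset["patched"]:
                continue
            due = date.fromisoformat(v["dueDate"])
            findings.append({"host": asset["host"], "cve": v["cveID"], "due": due,
                             "overdue": due < today,
                             "internet_facing": asset["internet_facing"]})
    # Overdue first, then internet-facing assets, then earliest due date.
    findings.sort(key=lambda f: (not f["overdue"], not f["internet_facing"], f["due"]))
    return findings

if __name__ == "__main__":
    for f in triage(load_kev(KEV_JSON), INVENTORY, date(2025, 10, 30)):
        flag = "OVERDUE" if f["overdue"] else "due " + f["due"].isoformat()
        print(f["host"], f["cve"], flag, "internet-facing" if f["internet_facing"] else "internal")
```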
