The US Cybersecurity and Infrastructure Security Agency (CISA) has added fifteen more vulnerabilities to its catalog of vulnerabilities known to be actively exploited. This should serve as an incentive for system administrators who have not yet installed all the necessary fixes.
Since attackers are already exploiting these vulnerabilities, delaying the patches puts corporate networks at risk of attack, including ransomware. CISA has therefore required organizations to apply all available fixes for the 15 vulnerabilities listed below by April 5, 2022. All of them were discovered and patched between 2015 and 2020.
CVE-2020-5135 – buffer overflow in SonicWall SonicOS;
CVE-2019-1405 – privilege escalation in Microsoft Windows UPnP Service;
CVE-2019-1322 – privilege escalation in Microsoft Windows;
CVE-2019-1315 – privilege escalation in Microsoft Windows Error Reporting Manager;
CVE-2019-1253 – privilege escalation in Microsoft Windows AppX Deployment Server;
CVE-2019-1129 – privilege escalation in Microsoft Windows AppXSVC;
CVE-2019-1069 – privilege escalation in Microsoft Task Scheduler;
CVE-2019-1064 – privilege escalation in Microsoft Windows AppXSVC;
CVE-2019-0841 – privilege escalation in Microsoft Windows AppXSVC;
CVE-2019-0543 – privilege escalation in Microsoft Windows;
CVE-2018-8120 – privilege escalation in Microsoft Win32k;
CVE-2017-0101 – privilege escalation in Microsoft Windows Transaction Manager;
CVE-2016-3309 – privilege escalation in the Microsoft Windows kernel;
CVE-2015-2546 – memory corruption in Microsoft Win32k;
CVE-2019-1132 – privilege escalation in Microsoft Win32k.
A PoC exploit is already publicly available for CVE-2019-0841, which attackers can use in attacks.
CVE-2019-1069 was exploited by the Ryuk ransomware group in April 2021 to escalate privileges on compromised systems in order to execute malicious code.
CVE-2019-1132 was exploited by the Buhtrap group in attacks on government organizations in order to run malicious code in kernel mode.
Exploitation of the older CVE-2018-8120 was first recorded in May 2018, and the vulnerability remains highly valuable to attackers.
When CVE-2020-5135 was discovered, it affected more than 800,000 SonicWall VPN devices. Although the vendor released a fix, it later turned out that the fix was incomplete. As a result, administrators had to install a second patch while a PoC exploit was already circulating in the hacker community.