CISA Adds Rejetto HTTP File Server, Windows Vulnerabilities to Catalog

10 Jul 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding several vulnerabilities that pose significant risks to both public and private sectors. The latest additions are flaws in Microsoft Windows and Rejetto HTTP File Server, all of which CISA has confirmed are being exploited in the wild.

Newly Added Vulnerabilities

The newly added vulnerabilities are:

  • CVE-2024-23692: This vulnerability, with a CVSS score of 9.8, affects Rejetto HTTP File Server up to version 2.3m. It is a template injection flaw that allows remote, unauthenticated attackers to execute arbitrary commands on the affected system by sending specially crafted HTTP requests.
  • CVE-2024-38080: With a CVSS score of 7.8, this elevation of privilege vulnerability impacts Windows Hyper-V. Successful exploitation could enable attackers to gain SYSTEM privileges.
  • CVE-2024-38112: This Windows MSHTML Platform Spoofing Vulnerability has a CVSS score of 7.5. Exploiting this flaw requires attackers to take additional preparatory actions before sending a malicious file to victims, who would then need to execute it.

The inclusion of these vulnerabilities in the KEV catalog underscores their potential for exploitation and the urgency for remediation.

Implications for Federal and Private Sectors

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies are mandated to address these vulnerabilities by the specified due date to safeguard their networks. CISA has set a deadline of July 30, 2024, for federal agencies to fix these vulnerabilities.

Private organizations are also strongly advised to review the KEV catalog and address these vulnerabilities within their infrastructure. Failure to do so could leave critical systems exposed to potential attacks, leading to severe operational disruptions and data breaches.
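The review CISA asks of private organisations is, in practice, a join between the KEV catalog and an asset inventory, followed by a check of how many days remain before each BOD 22-01 due date. The script below is an added example written for this page, not CISA tooling and not code from any of the vendors named above. Its catalog sample is shaped like CISA's published KEV JSON feed (field names such as `cveID`, `vendorProject`, `product`, `dueDate` and `requiredAction` follow that feed's schema), but the sample itself is constructed: the CVE identifiers, products and the 30 July 2024 due date come from the article, while the vulnerability names, the Cisco NX-OS due date, the host names and the inventory versions are made up. Because the KEV feed carries no affected-version ranges, the script keeps a small local table of per-CVE version predicates; the only one filled in encodes the article's "up to version 2.3m" bound for Rejetto HFS, and any CVE without a predicate is treated as affecting every matching product, which is the conservative default.

```python
"""KEV triage against an asset inventory (added example, not CISA tooling).

Reads a KEV-shaped catalog, matches vendor/product pairs against a local
inventory, applies optional per-CVE version predicates (the KEV feed itself
carries no version ranges), skips CVEs already marked remediated, and reports
days remaining until each BOD 22-01 due date.
"""
import json
import re
from datetime import datetime

# Constructed sample shaped like the published KEV JSON feed. Field names follow
# the feed's schema; CVE ids, products and the 2024-07-30 due date come from the
# article, everything else (names, descriptions, the NX-OS due date) is made up.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-2024-23692", "vendorProject": "Rejetto", "product": "HTTP File Server",
         "vulnerabilityName": "HFS template injection", "dateAdded": "2024-07-09",
         "requiredAction": "Apply mitigations per vendor instructions.", "dueDate": "2024-07-30"},
        {"cveID": "CVE-2024-38080", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Hyper-V privilege escalation", "dateAdded": "2024-07-09",
         "requiredAction": "Apply mitigations per vendor instructions.", "dueDate": "2024-07-30"},
        {"cveID": "CVE-2024-38112", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "MSHTML platform spoofing", "dateAdded": "2024-07-09",
         "requiredAction": "Apply mitigations per vendor instructions.", "dueDate": "2024-07-30"},
        {"cveID": "CVE-2024-20399", "vendorProject": "Cisco", "product": "NX-OS",
         "vulnerabilityName": "NX-OS command injection", "dateAdded": "2024-07-02",
         "requiredAction": "Apply mitigations per vendor instructions.", "dueDate": "2024-07-23"},
    ],
})

# Constructed inventory; host names and versions are hypothetical.
SAMPLE_INVENTORY = [
    {"host": "files-01", "vendor": "Rejetto", "product": "HTTP File Server", "version": "2.3m"},
    {"host": "files-02", "vendor": "Rejetto", "product": "HTTP File Server", "version": "2.4"},
    {"host": "hv-02", "vendor": "Microsoft", "product": "Windows", "version": "Server 2022"},
    {"host": "ws-07", "vendor": "Microsoft", "product": "Windows", "version": "11",
     "remediated": ["CVE-2024-38112"]},
    {"host": "sw-core-1", "vendor": "Cisco", "product": "NX-OS", "version": "9.3"},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL", "version": "15"},
]


def hfs_version_key(version):
    """Order HFS 2.x versions such as '2.3' or '2.3m': numeric parts first,
    then the letter suffix ('' sorts before 'a', so 2.3 < 2.3a < ... < 2.3m)."""
    m = re.fullmatch(r"(\d+)\.(\d+)([a-z]?)", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised HFS version: {version!r}")
    return (int(m.group(1)), int(m.group(2)), m.group(3))


# Per-CVE affected-version predicates. KEV carries none, so these are local
# knowledge: the HFS bound "up to 2.3m" is the article's. A CVE with no entry
# here is treated as affecting every matching product (conservative default).
AFFECTED = {
    "CVE-2024-23692": lambda v: hfs_version_key(v) <= hfs_version_key("2.3m"),
}


def _norm(s):
    return " ".join(s.lower().split())


def triage(kev_json, inventory, today):
    """Return open findings sorted by urgency; `today` is 'YYYY-MM-DD'."""
    today_d = datetime.strptime(today, "%Y-%m-%d").date()
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        cve = entry["cveID"]
        key = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        affected = AFFECTED.get(cve, lambda _v: True)
        for asset in inventory:
            if (_norm(asset["vendor"]), _norm(asset["product"])) != key:
                continue
            if cve in asset.get("remediated", ()):
                continue  # already fixed on this host
            if not affected(asset["version"]):
                continue  # product matches but version is outside the affected range
            days_left = (due - today_d).days
            findings.append({
                "host": asset["host"], "cve": cve, "due": entry["dueDate"],
                "days_left": days_left,
                "status": "OVERDUE" if days_left < 0 else "DUE",
                "action": entry["requiredAction"],
            })
    # Soonest deadline first; ties broken by CVE then host for a stable report.
    findings.sort(key=lambda f: (f["days_left"], f["cve"], f["host"]))
    return findings


def summarize(findings):
    overdue = sum(1 for f in findings if f["status"] == "OVERDUE")
    return {"open": len(findings), "overdue": overdue}


if __name__ == "__main__":
    for f in triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2024-07-10"):
        print(f"{f['status']:8} {f['cve']} {f['host']:10} due {f['due']} ({f['days_left']:+d} days)")
    print(summarize(triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2024-08-01")))
```

Run against the real feed, the only change is loading the catalog from CISA's JSON URL instead of the embedded sample and pointing the inventory at a CMDB export; the matching is deliberately on normalised vendor/product names only, because that is all the KEV feed gives you, so expect to maintain the version predicates yourself for products where a name match alone would over-report.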

Recent Additions and Expert Recommendations

Last week, CISA added another critical vulnerability to its KEV catalog: the Cisco NX-OS Command Injection Vulnerability (CVE-2024-20399). This addition highlights the ongoing efforts by CISA to keep the KEV catalog updated with the most pressing cybersecurity threats.

Cybersecurity experts recommend that both public and private entities prioritize the remediation of these vulnerabilities. Regularly updating security protocols and conducting thorough vulnerability assessments can significantly reduce the risk of exploitation.

For more updates on cybersecurity threats and best practices, follow Pierluigi Paganini on Twitter: @securityaffairs, Facebook, and Mastodon.

What is the difference between Microsoft Windows 11 Home and Pro?

The primary differences between Microsoft Windows 11 Home and Pro include features related to business and security. Windows 11 Pro offers advanced features such as BitLocker device encryption, remote desktop access, Hyper-V for virtualization, and enhanced security through Windows Information Protection. Additionally, Windows 11 Pro supports joining a domain or Azure Active Directory, essential for enterprise environments, whereas Windows 11 Home is tailored more for consumer use.

What are examples of RBAC as used in Microsoft Windows?

Role-Based Access Control (RBAC) in Microsoft Windows is used to restrict system access to authorized users. Examples include setting up Active Directory roles such as 'Domain Administrator,' 'Account Operator,' and 'Backup Operator,' which grant varying levels of permissions based on the role assigned. Users can also be assigned specific permissions for file and folder access through NTFS permissions, enabling fine-grained control over user activities and access to resources in a Windows environment.