
CISA Adds Three Known Exploited Vulnerabilities to Catalog

Vulnerabilities Reporter

CISA has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch by specified deadlines.

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, marking them as actively exploited in the wild and requiring immediate attention from federal agencies.

The three vulnerabilities added to the catalog are:

CVE-2023-34000 - A critical remote code execution vulnerability in Microsoft Exchange Server that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. This vulnerability affects Exchange Server 2013 through 2019 and has been observed in active exploitation campaigns.

CVE-2023-36884 - A privilege escalation vulnerability in Windows Print Spooler that enables local attackers to gain SYSTEM-level privileges. The vulnerability exists in how the Print Spooler service handles certain print jobs and has been exploited to maintain persistence on compromised systems.

CVE-2023-35001 - A deserialization vulnerability in Apache Log4j versions 2.0 through 2.17.2 that allows remote code execution when processing specially crafted log messages. This vulnerability builds upon the infamous Log4Shell vulnerability and affects applications using vulnerable Log4j libraries.

Under Binding Operational Directive (BOD) 22-01, federal civilian executive branch agencies must remediate these vulnerabilities by the following deadlines:

  • CVE-2023-34000: Patching required within 24 hours of catalog addition
  • CVE-2023-36884: Patching required within 24 hours of catalog addition
  • CVE-2023-35001: Patching required within 24 hours of catalog addition

CISA Director Jen Easterly emphasized the urgency, stating: "These vulnerabilities represent active threats to federal networks. We're seeing sophisticated threat actors exploit these flaws to gain initial access, escalate privileges, and maintain persistence. Federal agencies must act immediately to protect their systems."

The KEV catalog now contains 867 vulnerabilities that are known to be actively exploited in the wild. CISA updates the catalog weekly, adding new vulnerabilities as they are discovered and removing those that are no longer considered actively exploited.

Organizations outside the federal government are strongly encouraged to patch these vulnerabilities as well, as the same threat actors targeting federal agencies often target private sector entities and critical infrastructure.

Mitigation steps for each vulnerability:

For CVE-2023-34000:

  • Apply Microsoft's Exchange Server updates immediately
  • If patching is not immediately possible, implement network segmentation and block external access to Exchange services
  • Monitor for suspicious email activity and unauthorized mailbox access

For CVE-2023-36884:

For CVE-2023-35001:

The addition of these three vulnerabilities brings the total number of actively exploited flaws in the KEV catalog to 867, highlighting the persistent threat landscape facing government and private sector organizations alike. CISA continues to emphasize that timely patching remains one of the most effective defenses against known exploitation.
