The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day flaws impacting the Microsoft Partner Center website and Synacor Zimbra Collaboration Suite, according to SC Media.

Attacks leveraging the Microsoft Partner Center site's improper access control flaw, tracked as CVE-2024-49035, could facilitate escalated privileges without authentication, noted Microsoft, which initially reported its active exploitation in November.

On the other hand, the Synacor ZCS cross-site scripting (XSS) issue, tracked as CVE-2023-37580, was reported to have been used in attacks involving a malicious script since November 2023.

CISA urged organizations to remediate the newly added security bugs, and also assess Palo Alto Networks' recent alert detailing attacks involving the exploitation of the PAN-OS vulnerabilities CVE-2024-0012 and CVE-2024-9474 as part of the Operation Lunar Peek campaign that has been under way since November, when both flaws had also been added to the KEV catalog.
Vulnerability Management, Patch/Configuration Management
CISA Adds Critical Microsoft, Synacor Zero-Days to KEV List
