From c33a0a042f6305d9b9b718a63137fde09d34d453 Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 17 Dec 2024 10:59:09 +0800 Subject: [PATCH] Adobe Windows KEV (#1129) --- .../20241217001-ColdFusion-Windows-KEV.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/advisories/20241217001-ColdFusion-Windows-KEV.md diff --git a/docs/advisories/20241217001-ColdFusion-Windows-KEV.md b/docs/advisories/20241217001-ColdFusion-Windows-KEV.md new file mode 100644 index 00000000..aac13ff1 --- /dev/null +++ b/docs/advisories/20241217001-ColdFusion-Windows-KEV.md @@ -0,0 +1,23 @@ +# Microsoft and Adobe Known Exploited Vulnerabilities - 20241217001 + +## Overview + +Microsoft and Adobe have released critical security advisories relating to vulnerabilities impacting Windows and ColdFusion. + +## What is vulnerable? + +| Product(s) Affected | Version(s) | CVE | CVSS | Severity | +| ------------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------- | --------------------------------------------------------------- | +| Windows | [Vendor Supplied Version List](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250) | [CVE-2024-35250](https://nvd.nist.gov/vuln/detail/CVE-2024-35250) | 7.8 | High | +| ColdFusion | ColdFusion 2023 <= Update 6
ColdFusion <= Update 12 | [CVE-2024-20767](https://nvd.nist.gov/vuln/detail/CVE-2024-20767) | 7.4 | High| + +## What has been observed? + +CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe recommended in [Patch Management](../guidelines/patch-management.md): + +- Microsoft: +- Adobe:
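Review bot: In the Recommendation section the two bullets `- Microsoft:` and `- Adobe:` have nothing after the colon, so the advisory tells administrators to apply vendor solutions without pointing to any. Add the vendor advisory link to each bullet; the Windows table row already links the MSRC page for CVE-2024-35250, and the Adobe bullet needs the corresponding ColdFusion bulletin. In the table, the ColdFusion version cell reads `ColdFusion 2023 <= Update 6` followed by `ColdFusion <= Update 12`: the second entry is missing its release name, and the two entries need to sit in one cell on a single row (for example separated by an inline `<br>`), since a raw line break inside a row breaks the Markdown table. Under "What has been observed?", "CISA added this vulnerability" should be plural because two CVEs are listed, and the Overview describes the advisories as "critical" while both rows are rated High (7.8 and 7.4), so the wording should match the table. Minor: "within expected timeframe" should read "within the expected timeframe".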