Rewterz Threat Update – JetBrains and Windows Flaws Added to CISA’s Known Exploited Vulnerabilities Catalogue

Severity

High

Analysis Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two more vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to the continuous exploitation of them. The flaws that were added are:

• CVE-2023-42793 (CVSS: 9.8) – JetBrains TeamCity Authentication Bypass Vulnerability
• CVE-2023-28229 (CVSS: 7.0) – Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

CVE-2023-42793 is a critical security bypass vulnerability that allows an attacker to remotely execute code on TeamCity server. There is data evidence that 74 different IP addresses have tried to exploit this vulnerability.

Meanwhile, CVE-2023-28229 is a severe flaw in the Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service that can allow a threat actor to gain specific but limited system privileges.

There are no reports about the bug being exploited in the wild for now, and the researchers in CISA haven’t disclosed any more details about the attacks. However, a proof-of-concept was made public recently. On the other hand, Microsoft has tagged CVE-2023-28229 as an “Exploitation Less Likely” assessment, since they patched it in April 2023.

Due to the active exploitation of these vulnerabilities, organizations are urged to update their systems and apply the patches asap to make their networks secure against potential threats.

Impact

• Security Bypass
• Privilege Escalation

Remediation

• Refer to the JetBrains Website for patch, upgrade or suggested workaround information.
• Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
• Implement multi-factor authentication to add an extra layer of security to login processes.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• It is important for organizations to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.