Friday, 11 August 2023

CISA Classifies a Patched Microsoft PoC Flaw As a Known Exploited Vulnerability

WebProNews
CISA Classifies a Patched Microsoft PoC Flaw As a Known Exploited Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a patched Microsoft vulnerability to its Known Exploited Vulnerabilities (KEV) database.

Microsoft’s recent August 2023 Patch Tuesday addressed a number of issues, including a vulnerability in .Net and Visual Studio that Microsoft classified as a proof-of-concept (PoC).

Spotted by The Hacker News, it appears CISA disagrees with Microsoft’s classification. While Microsoft flagged the vulnerability as “Exploitation More Likely,” CISA says the vulnerability has already been exploited, resulting in it being added to the KEV catalog.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Needless to say, organizations should take immediate steps to apply the necessary security patch.

CISA Classifies a Patched Microsoft PoC Flaw As a Known Exploited Vulnerability
Staff



from WebProNews https://ift.tt/UR8hGpv

No comments:

Post a Comment