CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
SECURITY
11/20/20231 min read
The agency is urging federal agencies to apply available security updates for the three issues before December 7. The three vulnerabilities are tracked as follows:
CVE-2023-36584 – "Mark of the Web" (MotW) security feature bypass on Microsoft Windows.
CVE-2023-1671 – Command injection vulnerability in Sophos Web Appliance allowing remote code execution (RCE).
CVE-2020-2551 – Unspecified vulnerability in Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via IIOP to compromise the WebLogic server.
More Information: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-windows-sophos-and-oracle-bugs/

