CISA warns of actively exploited Windows, Sophos, and Oracle bugs

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.

SECURITY

11/20/20231 min read

The agency is urging federal agencies to apply available security updates for the three issues before December 7. The three vulnerabilities are tracked as follows:

  • CVE-2023-36584 – "Mark of the Web" (MotW) security feature bypass on Microsoft Windows.

  • CVE-2023-1671 – Command injection vulnerability in Sophos Web Appliance allowing remote code execution (RCE).

  • CVE-2020-2551 – Unspecified vulnerability in Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via IIOP to compromise the WebLogic server.

More Information: https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-windows-sophos-and-oracle-bugs/