all InfoSec news
CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog
Malware Analysis, News and Indicators - Latest topics malware.news
The Cybersecurity and Infrastructure Security Agency added a recently revealed bug to its known exploited vulnerability list this week after Microsoft confirmed it was being used in attacks.
CISA ordered all federal civilian agencies to patch CVE-2023-21674 by January 31. The bug – first unveiled in Microsoft’s initial Patch Tuesday release of 2023 – affects the Windows Advanced Local Procedure Call (ALPC) and has a CVSS score of 8.8 out of a possible 10.
“An attacker who successfully exploited this …
advanced agency alpc attacks bug call catalog cisa cve cve-2023-21674 cvss cybersecurity exploited federal infrastructure infrastructure security january list local microsoft microsoft zero-day patch patch tuesday procedure release score security tuesday vulnerability windows zero-day