CISA Issues Warning Regarding Actively Exploited JetBrains and Windows Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently took action in response to two security vulnerabilities being actively exploited, while simultaneously removing five other vulnerabilities from its Known Exploited Vulnerabilities (KEV) list due to insufficient evidence.

The newly added vulnerabilities are as follows:

  1. CVE-2023-42793 (CVSS score: 9.8) – JetBrains TeamCity Authentication Bypass Vulnerability
  2. CVE-2023-28229 (CVSS score: 7.0) – Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

CVE-2023-42793 is a critical authentication bypass vulnerability that allows remote code execution on TeamCity Server. Data collected so far shows that 74 unique IP addresses have attempted to exploit this flaw.

CVE-2023-28229, by comparison, is a high-severity flaw in the Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service that can enable an attacker to obtain specific limited SYSTEM privileges.

As of now, there are no publicly available reports confirming in-the-wild exploitation of CVE-2023-28229. CISA has not disclosed any further details regarding the attacks or exploitation methods, but a proof-of-concept (PoC) exploit was made available the previous month.

Microsoft has assessed CVE-2023-28229 as “Exploitation Less Likely” and addressed it through patches included in the April 2023 Patch Tuesday updates. Additionally, CISA has removed five vulnerabilities affecting Owl Labs Meeting Owl from the KEV catalog, citing a lack of compelling evidence.

CVE-2022-31460 had been in the catalog since June 2022, whereas the other four vulnerabilities (CVE-2022-31459, CVE-2022-31461, CVE-2022-31462, and CVE-2022-31463) were only added on September 18, 2023.

In response to the active exploitation of these two vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the patches provided by the respective vendors by October 25, 2023, to safeguard their networks against potential threats.