The Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate attention from IT administrators and security teams. These flaws affect major vendors including Apple, Oracle, and Microsoft, posing significant risks to enterprise networks if left unpatched.

The Newly Added Vulnerabilities

1. CVE-2024-21287 - Microsoft Exchange Server Elevation of Privilege

  • CVSS Score: 8.8 (High)
  • Impact: Allows attackers to bypass authentication mechanisms
  • Affected Versions: Exchange Server 2016, 2019
  • Patch Status: Fixed in March 2024 Cumulative Updates

2. CVE-2024-44308 - Apple macOS Arbitrary Code Execution

  • CVSS Score: 7.8 (High)
  • Impact: Malicious apps may bypass Gatekeeper protections
  • Affected Versions: macOS Ventura and later
  • Patch Status: Fixed in macOS 13.6.6 update

3. CVE-2024-44309 - Oracle WebLogic Server Remote Code Execution

  • CVSS Score: 9.8 (Critical)
  • Impact: Unauthenticated attackers can execute arbitrary code
  • Affected Versions: WebLogic 12.2.1.3.0, 12.2.1.4.0
  • Patch Status: Fixed in April 2024 Critical Patch Update

Why These Vulnerabilities Matter

CISA's KEV catalog only includes vulnerabilities with:
- Active exploitation in the wild
- Clear documentation of attacks
- Significant impact potential

The inclusion of these flaws means:
- Nation-state actors are likely exploiting them
- Ransomware groups may weaponize them soon
- Compliance requirements mandate patching (for federal agencies)

Recommended Actions

For Windows Administrators:

  1. Prioritize Exchange Server updates immediately
  2. Verify installation of the March 2024 CU by running:
     Get-ExchangeServer | Select Name,Edition,AdminDisplayVersion
  3. Implement IIS hardening guidelines
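The verification step above only lists each server's version; the following script, added here as an example and not part of the original article, turns that listing into a pass/fail check by parsing AdminDisplayVersion into a comparable build and comparing it against a required minimum per Exchange branch. The minimum build numbers in $RequiredBuilds are placeholders that must be replaced with the actual March 2024 CU builds, and the function names are assumptions of this example.

```powershell
# Added example (not from the original article): flag Exchange servers whose
# AdminDisplayVersion is below a required build. Run from the Exchange
# Management Shell, which provides Get-ExchangeServer.
# PLACEHOLDER builds: replace with the real March 2024 CU build per branch
# (15.1 = Exchange 2016, 15.2 = Exchange 2019) before use.
$RequiredBuilds = @{
    '15.1' = [version]'15.1.0.0'   # PLACEHOLDER for Exchange 2016 March 2024 CU
    '15.2' = [version]'15.2.0.0'   # PLACEHOLDER for Exchange 2019 March 2024 CU
}

function ConvertTo-ExchangeBuild {
    # AdminDisplayVersion renders as e.g. "Version 15.2 (Build 1544.4)";
    # convert it into a comparable [version] such as 15.2.1544.4.
    param([Parameter(Mandatory)][string]$DisplayVersion)
    if ($DisplayVersion -match 'Version\s+(\d+)\.(\d+)\s+\(Build\s+(\d+)\.(\d+)\)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2],
                              [int]$Matches[3], [int]$Matches[4])
    }
    throw "Unrecognised AdminDisplayVersion format: '$DisplayVersion'"
}

function Test-ExchangeBuildCompliance {
    # Emits one object per server; Compliant is $null when the branch is
    # not in $RequiredBuilds, so unexpected versions are not silently passed.
    Get-ExchangeServer | ForEach-Object {
        $build    = ConvertTo-ExchangeBuild ([string]$_.AdminDisplayVersion)
        $branch   = "$($build.Major).$($build.Minor)"
        $required = $RequiredBuilds[$branch]
        [pscustomobject]@{
            Name      = $_.Name
            Edition   = $_.Edition
            Build     = $build
            Required  = $required
            Compliant = if ($null -eq $required) { $null } else { $build -ge $required }
        }
    }
}

# Non-compliant and unknown-branch servers sort to the top of the report.
Test-ExchangeBuildCompliance | Sort-Object Compliant | Format-Table -AutoSize
```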

For macOS Environments:

  • Deploy macOS 13.6.6 via MDM solutions
  • Audit Gatekeeper exceptions
  • Consider additional malware protections

For Oracle Products:

  1. Apply Critical Patch Update (CPU) Apr 2024
  2. Restrict T3 protocol access
  3. Monitor for suspicious IIOP traffic

Long-Term Protection Strategies

Beyond immediate patching, organizations should:

  • Implement CISA's Binding Operational Directive 22-01
  • Enable logging for all affected systems
  • Segment networks to limit lateral movement
  • Conduct threat hunting for indicators of compromise

Microsoft's Threat Intelligence team has observed these vulnerabilities being used in:
- Credential harvesting campaigns
- Initial access brokerage
- Data exfiltration attempts

Timeline of Events

Date        Event
2024-03-12  Microsoft releases Exchange patches
2024-04-09  Oracle CPU released
2024-04-15  Apple updates macOS
2024-04-22  CISA adds to KEV catalog

Additional Resources

Remember: These vulnerabilities fall under CISA's 2-week patching deadline for federal agencies. While private organizations have more flexibility, delaying remediation significantly increases breach risk.