CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now

---
title: "CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2024-1708 and CVE-2026-32202 to its KEV Catalog due to active exploitation. Learn risks, impacts, and mitigation steps here."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2024-1708, cve-2026-32202, known-exploited-vulnerabilities, cybersecurity]
score: 0.92
cve_ids: [CVE-2024-1708, CVE-2026-32202]
---

## TL;DR
CISA has added two critical vulnerabilities—CVE-2024-1708 (ConnectWise ScreenConnect) and CVE-2026-32202 (Microsoft Windows)—to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must patch immediately, but all organizations are urged to prioritize remediation to reduce exposure to cyberattacks.


## Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two newly identified vulnerabilities by adding them to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities, CVE-2024-1708 and CVE-2026-32202, are actively being exploited by malicious cyber actors, posing significant risks to federal agencies and private sector organizations alike.

CISA’s KEV Catalog serves as a critical resource for identifying and mitigating vulnerabilities that are being leveraged in real-world attacks. Under Binding Operational Directive (BOD) 22-01, federal agencies are required to remediate these vulnerabilities within specified timelines to protect their networks. However, CISA strongly recommends that all organizations—regardless of sector—prioritize patching these vulnerabilities to mitigate potential threats.


### Key Points
- CVE-2024-1708: A path traversal vulnerability in ConnectWise ScreenConnect, allowing unauthorized access to sensitive files and systems.
- CVE-2026-32202: A protection mechanism failure in Microsoft Windows, enabling attackers to bypass security controls and execute malicious code.
- Active Exploitation: Both vulnerabilities are being actively exploited in the wild, increasing the urgency for remediation.
- Federal Mandate: Federal Civilian Executive Branch (FCEB) agencies must patch these vulnerabilities by CISA’s deadline to comply with BOD 22-01.
- Broader Impact: While BOD 22-01 applies to federal agencies, all organizations are advised to address these vulnerabilities to reduce their risk of cyberattacks.


### Technical Details

#### CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability
- Affected Software: ConnectWise ScreenConnect (specific versions not yet disclosed).
- Vulnerability Type: Path traversal, allowing attackers to access files and directories outside the intended scope.
- Exploitation: Attackers can leverage this vulnerability to gain unauthorized access to sensitive data or execute arbitrary code on vulnerable systems.
- Severity: High—due to its active exploitation and potential for significant data breaches.

#### CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability
- Affected Software: Microsoft Windows (specific versions not yet disclosed).
- Vulnerability Type: Protection mechanism failure, enabling attackers to bypass security controls such as ASLR (Address Space Layout Randomization) or DEP (Data Execution Prevention).
- Exploitation: This vulnerability can be chained with other exploits to execute malicious payloads, escalate privileges, or maintain persistence on compromised systems.
- Severity: Critical—due to its potential to undermine core Windows security features.


### Impact Assessment
The addition of these vulnerabilities to CISA’s KEV Catalog underscores their high risk to both federal and private sector networks. Here’s why they matter:

  1. Active Exploitation: Threat actors are already leveraging these vulnerabilities to compromise systems, steal data, or deploy malware. Delaying patches increases the window of opportunity for attackers.
  2. Federal Compliance: FCEB agencies face mandatory remediation deadlines under BOD 22-01. Failure to comply could result in network breaches and regulatory consequences.
  3. Wider Threat Landscape: While federal agencies are the primary focus of BOD 22-01, all organizations using ConnectWise ScreenConnect or Microsoft Windows are at risk. Cybercriminals often target unpatched systems in the private sector, leading to data breaches, ransomware attacks, or espionage.
  4. Supply Chain Risks: Vulnerabilities in widely used software like Microsoft Windows can have cascading effects, impacting third-party vendors, partners, and customers.

### Mitigation Steps
CISA and security experts recommend the following actions to mitigate these vulnerabilities:

1. Immediate Patching:
   - For CVE-2024-1708, apply the latest security updates from ConnectWise.
   - For CVE-2026-32202, install the latest Microsoft Windows security patches from the Microsoft Update Catalog.

2. Prioritize KEV Catalog Vulnerabilities:
   - Regularly monitor CISA’s KEV Catalog for updates and prioritize remediation of listed vulnerabilities.

3. Implement Workarounds:
   - If patching is not immediately possible, apply temporary workarounds such as:
     - Disabling affected services or features.
     - Restricting access to vulnerable systems via network segmentation or firewalls.
     - Enforcing strict access controls and monitoring for suspicious activity.

4. Enhance Monitoring:
   - Deploy intrusion detection systems (IDS) and endpoint detection and response (EDR) solutions to detect and block exploitation attempts.
   - Review logs for signs of compromise, such as unusual file access patterns or unauthorized privilege escalation.

5. Educate Stakeholders:
   - Ensure IT teams, executives, and end-users are aware of the risks and the importance of timely patching.
   - Conduct regular security training to recognize phishing attempts or social engineering tactics that may precede exploitation.
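
One way to act on step 2, as an added example that is not from CISA or the original article: match KEV feed entries against an asset inventory and sort the findings by days remaining until the due date. The feed excerpt uses the public KEV JSON field names with placeholder dates, and the inventory, host names and function names are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (field names follow
# the public feed; dateAdded/dueDate are placeholder values, not CISA's).
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-1708", "vendorProject": "ConnectWise",
   "product": "ScreenConnect", "dateAdded": "2000-01-01", "dueDate": "2000-01-15"},
  {"cveID": "CVE-2026-32202", "vendorProject": "Microsoft",
   "product": "Windows", "dateAdded": "2000-01-01", "dueDate": "2000-01-22"}
]}
""")

# Hypothetical asset inventory: host -> installed (vendor, product) pairs.
INVENTORY = {
    "rmm-01": [("ConnectWise", "ScreenConnect"), ("Microsoft", "Windows")],
    "web-02": [("Canonical", "Ubuntu")],
    "ws-114": [("Microsoft", "Windows")],
}

def kev_findings(feed, inventory, today):
    """Match KEV entries to hosts; return findings sorted by urgency."""
    findings = []
    for entry in feed["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        due = date.fromisoformat(entry["dueDate"])
        for host, software in inventory.items():
            if key in {(v.lower(), p.lower()) for v, p in software}:
                findings.append({
                    "host": host,
                    "cve": entry["cveID"],
                    "due": due,
                    "days_left": (due - today).days,  # negative = overdue
                })
    # Most urgent first; ties broken by host, then CVE, for stable output.
    return sorted(findings, key=lambda f: (f["days_left"], f["host"], f["cve"]))

def overdue(findings):
    """Return (host, cve) pairs whose remediation due date has passed."""
    return [(f["host"], f["cve"]) for f in findings if f["days_left"] < 0]

if __name__ == "__main__":
    for f in kev_findings(KEV_FEED, INVENTORY, today=date(2000, 1, 18)):
        state = "OVERDUE" if f["days_left"] < 0 else "due"
        print(f'{f["host"]:8} {f["cve"]:16} {state} {f["due"]} ({f["days_left"]:+d}d)')
```

Vendor and product matching is coarse, since the KEV feed carries no version ranges; confirm affected versions against the vendor advisory before closing a finding.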


## Conclusion
The addition of CVE-2024-1708 and CVE-2026-32202 to CISA’s KEV Catalog serves as a stark reminder of the evolving threat landscape and the critical importance of proactive vulnerability management. While federal agencies are required to act under BOD 22-01, all organizations must treat these vulnerabilities as a top priority to avoid falling victim to cyberattacks.

By patching promptly, implementing workarounds, and enhancing monitoring, organizations can significantly reduce their risk exposure. Stay vigilant, stay informed, and prioritize security to safeguard your networks against emerging threats.

