CISA Adds Critical Microsoft and WinRAR Vulnerabilities to Exploited Flaws Catalog: What You Need to Know
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR to its Known Exploited Vulnerabilities (KEV) catalog. Learn about the risks, affected systems, and recommended actions to mitigate these threats.
TL;DR
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities affecting Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2013-3893, CVE-2007-0671, and CVE-2025-8088. All three have been exploited in real attacks. Federal agencies must remediate them by the KEV due date, and other organizations are urged to patch immediately.
CISA Adds Critical Vulnerabilities to Its Known Exploited Flaws Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include three high-risk vulnerabilities in widely used software: Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR. These vulnerabilities have been exploited in real-world cyberattacks, posing significant risks to organizations and individuals alike.
According to Binding Operational Directive (BOD) 22-01, federal agencies are required to address these vulnerabilities by September 2, 2025, to protect their networks from potential breaches. Private organizations are also strongly encouraged to review the catalog and apply necessary patches to mitigate risks.
Details of the Exploited Vulnerabilities
1. CVE-2013-3893: Microsoft Internet Explorer Resource Management Error
- Affected Software: Microsoft Internet Explorer (versions 6–11)
- Vulnerability Type: Use-after-free issue in mshtml.dll
- Exploitation Method: Remote attackers can execute arbitrary code via crafted JavaScript, as demonstrated by an ms-help: URL that triggers loading of hxds.dll.
- Historical Context: This vulnerability was exploited in Operation DeputyDog, a cyberespionage campaign targeting Japanese entities in 2013 [1]. Microsoft fixed it in security bulletin MS13-080 (October 2013), so only systems that never received that update remain exposed.
2. CVE-2007-0671: Microsoft Office Excel Remote Code Execution
- Affected Software: Microsoft Excel (2000, XP, 2003, and 2004 for Mac)
- Vulnerability Type: Unspecified remote code execution flaw
- Exploitation Method: Remote, user-assisted attackers can execute malicious code by tricking users into opening specially crafted Excel files.
- Historical Context: This flaw was exploited in the wild as a zero-day in February 2007 [2]. Every affected Excel release is long out of support, so the fix is to retire those installations rather than patch them.
3. CVE-2025-8088: WinRAR Path Traversal Vulnerability
- Affected Software: WinRAR (versions prior to 7.13)
- Vulnerability Type: Directory traversal bug
- Exploitation Method: A crafted archive carries an entry whose path escapes the directory the user chose for extraction, so WinRAR writes the file somewhere else on disk; dropping an executable into a Windows Startup folder makes it run at the next logon. This vulnerability was actively exploited in phishing attacks to deliver the RomCom malware [3].
- Disclosure: Researchers Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET disclosed this flaw, which was patched in WinRAR 7.13 [4]. WinRAR has no automatic update mechanism, so every installation must be updated by hand. Per RARLAB's release notes the Windows builds of RAR, UnRAR, the portable UnRAR source code and UnRAR.dll are affected, while the Unix versions and RAR for Android are not.
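The mechanism described above is a failure to confine extracted files to the chosen directory. The following is an added example, not code from WinRAR, ESET or CISA: it screens archive entry names the way a hardened extractor should before writing anything, and shows where an extractor that trusts the name would have written a Startup-folder entry. The entry names and the destination folder are constructed for illustration, not taken from any real sample; the alternate-data-stream check is a general Windows hardening measure, not something the page attributes to this CVE. Windows path semantics are emulated with `ntpath` and `PureWindowsPath` so the script runs on any OS.

```python
"""Screen archive entry names for path traversal before extraction.

Added example, not code from WinRAR, ESET, or CISA. Entry names below are
constructed to show the shape of a traversal entry of the kind CVE-2025-8088
let through; they are not taken from any real sample. Windows path rules are
emulated with ntpath/PureWindowsPath so this runs on Linux or macOS too.
"""
import ntpath
from pathlib import PureWindowsPath

# Constructed: the folder the user picked for extraction.
DEST_DIR = r"C:\Users\alice\Downloads\invoice"

# Constructed archive listing, as an extractor would enumerate it.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/readme.txt",
    # Two ".." climb from Downloads\invoice to the profile root, then descend
    # into the per-user Startup folder, which runs at the next logon.
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"C:\Users\Public\payload.exe",          # absolute path
    r"\\fileserver\share\payload.exe",       # UNC share
    r"notes.txt:hidden.exe",                 # NTFS alternate data stream syntax
    "",                                      # empty name
]


def classify_entry(name: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one entry name.

    Rejects anything that could land outside the destination: absolute or
    drive-relative paths, UNC shares, any ".." component, and names with a
    ":" inside a component (NTFS alternate data stream). Rejecting every ".."
    is deliberately stricter than resolving the path; archives have no
    legitimate need for parent references.
    """
    p = PureWindowsPath(name)
    if not p.parts:
        return False, "empty name"
    if p.drive or p.root:
        return False, "absolute path, drive, or UNC share"
    if ".." in p.parts:
        return False, "parent-directory traversal"
    if any(":" in part for part in p.parts):
        return False, "NTFS alternate data stream"
    return True, "ok"


def naive_target(dest: str, name: str) -> str:
    """Where an extractor that trusts the entry name would write the file."""
    return ntpath.normpath(ntpath.join(dest, name))


def escapes(dest: str, name: str) -> bool:
    """True if the naive target falls outside dest (Windows paths are case-insensitive)."""
    root = ntpath.normpath(dest).lower().rstrip("\\") + "\\"
    return not naive_target(dest, name).lower().startswith(root)


def screen_archive(entries):
    """Split a listing into allowed names and a {name: reason} map of rejections."""
    allowed, rejected = [], {}
    for name in entries:
        ok, reason = classify_entry(name)
        if ok:
            allowed.append(name)
        else:
            rejected[name] = reason
    return allowed, rejected


if __name__ == "__main__":
    allowed, rejected = screen_archive(SAMPLE_ENTRIES)
    print("allowed:", allowed)
    for name, reason in rejected.items():
        print(f"rejected ({reason}): {name!r}")
        if reason == "parent-directory traversal":
            print("   naive extractor would write:", naive_target(DEST_DIR, name))
```

Run the script and the traversal entry resolves to `C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe`, i.e. the user's `%APPDATA%` Startup folder, even though the user extracted into `Downloads\invoice`. A safe extractor applies `classify_entry` to every name before opening a single output file; checking after the fact is too late once the Startup entry exists.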
Why These Vulnerabilities Matter
The inclusion of these vulnerabilities in CISA’s KEV catalog highlights their active exploitation in cyberattacks. Here’s why they are critical:
- Widespread Use of Affected Software: Excel and WinRAR remain widely deployed, making them prime targets. Internet Explorer itself is retired, but its MSHTML engine still ships in Windows for Edge's IE mode and embedded browser controls, and unpatched legacy systems persist in many environments.
- Severity of Exploitation: These vulnerabilities allow remote code execution, enabling attackers to take control of affected systems.
- Historical Precedence: Vulnerabilities like CVE-2013-3893 and CVE-2007-0671 have been exploited in state-sponsored attacks and cyberespionage campaigns.
- Ongoing Threats: The WinRAR vulnerability (CVE-2025-8088) is being used in phishing campaigns to deploy malware like RomCom, which can lead to data theft and system compromise.
Recommended Actions
For Federal Agencies
- Patch Immediately: Federal agencies must address these vulnerabilities by September 2, 2025, as mandated by CISA’s BOD 22-01.
- Monitor Systems: Continuously monitor for signs of exploitation or unauthorized access.
For Private Organizations
- Review the KEV Catalog: Assess whether your systems are affected by these vulnerabilities.
- Apply Patches: Update WinRAR to 7.13 or later on every host (it does not update itself), confirm Windows and Office have all security updates applied, and retire Excel versions that are out of support.
- Educate Employees: Train staff to recognize phishing attempts and avoid opening suspicious files.
For Individuals
- Update Software: Ensure all software is up-to-date to protect against known vulnerabilities.
- Exercise Caution: Avoid downloading or opening files from untrusted sources.
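"Review the KEV Catalog" is easiest to do mechanically. CISA publishes the catalog as JSON at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, and the following added example (not CISA's own tooling) matches a small software inventory against it and reports the remediation deadline for each hit. `SAMPLE_KEV_JSON` is a constructed stand-in that mirrors the feed's field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) so the script runs offline; the vendor, product and description strings in it are mine, not copied from CISA's entries, and `INVENTORY` is likewise invented.

```python
"""Match a software inventory against the CISA KEV feed and report due dates.

Added example, not CISA tooling. The live catalog is the JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
SAMPLE_KEV_JSON is a constructed stand-in with the same field names so the
script runs offline. Replace it with the downloaded file in real use.
"""
import json
from datetime import date

SAMPLE_KEV_JSON = """
{
  "title": "Constructed sample in the shape of the CISA KEV feed",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2025-8088", "vendorProject": "RARLAB", "product": "WinRAR",
     "vulnerabilityName": "RARLAB WinRAR Path Traversal Vulnerability",
     "dateAdded": "2025-08-12",
     "shortDescription": "Path traversal lets a crafted archive write outside the extraction directory.",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
     "dueDate": "2025-09-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2013-3893", "vendorProject": "Microsoft", "product": "Internet Explorer",
     "vulnerabilityName": "Microsoft Internet Explorer Resource Management Errors Vulnerability",
     "dateAdded": "2025-08-12",
     "shortDescription": "Use-after-free in mshtml.dll allowing remote code execution.",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
     "dueDate": "2025-09-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2007-0671", "vendorProject": "Microsoft", "product": "Office Excel",
     "vulnerabilityName": "Microsoft Office Excel Remote Code Execution Vulnerability",
     "dateAdded": "2025-08-12",
     "shortDescription": "Crafted Excel file allows user-assisted remote code execution.",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product.",
     "dueDate": "2025-09-02", "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed inventory; a real one would come from your asset/CMDB export.
INVENTORY = [
    {"vendor": "RARLAB", "product": "WinRAR", "version": "7.12"},
    {"vendor": "Microsoft", "product": "Excel", "version": "2003"},
]


def load_kev(text: str) -> list[dict]:
    """Parse the feed and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def added_since(entries: list[dict], since: date) -> list[dict]:
    """Records added on or after `since`; run daily to catch new additions."""
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(entries: list[dict], inventory: list[dict], today: date) -> list[dict]:
    """Join inventory rows to KEV records and compute days until the due date.

    KEV's vendorProject/product fields are free text, so matching is a
    case-insensitive vendor equality plus product substring test; tighten the
    normalisation for your own inventory's naming.
    """
    hits = []
    for e in entries:
        for asset in inventory:
            same_vendor = asset["vendor"].lower() == e["vendorProject"].lower()
            same_product = asset["product"].lower() in e["product"].lower()
            if same_vendor and same_product:
                due = date.fromisoformat(e["dueDate"])
                hits.append({
                    "cveID": e["cveID"],
                    "asset": f"{asset['vendor']} {asset['product']} {asset['version']}",
                    "dueDate": e["dueDate"],
                    "days_left": (due - today).days,
                    "overdue": due < today,
                    "ransomware": e.get("knownRansomwareCampaignUse", "Unknown"),
                })
    hits.sort(key=lambda h: (h["dueDate"], h["cveID"]))
    return hits


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    print(f"{len(added_since(kev, date(2025, 8, 12)))} records added since 2025-08-12")
    for hit in match_inventory(kev, INVENTORY, date.today()):
        flag = "OVERDUE" if hit["overdue"] else f"{hit['days_left']} days left"
        print(f"{hit['cveID']}  {hit['asset']}  due {hit['dueDate']}  ({flag})")
```

The BOD 22-01 deadline is only binding on federal civilian agencies, but the `dueDate` field is a usable SLA for anyone: treat a non-empty result from `match_inventory` as a ticket, and treat `overdue` as an escalation.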
Conclusion
The addition of these vulnerabilities to CISA’s KEV catalog underscores the ongoing threat posed by unpatched software. Organizations and individuals must take proactive steps to mitigate risks, including applying patches, monitoring systems, and educating users about cybersecurity best practices. Failure to address these vulnerabilities could result in data breaches, malware infections, and system compromises.
Stay informed and prioritize cybersecurity to safeguard against evolving threats.
Additional Resources
For further insights, check:
- CISA’s Known Exploited Vulnerabilities Catalog
- ESET’s Analysis of CVE-2025-8088
- BleepingComputer’s Report on RomCom Malware
References
1. FireEye (2013). "Operation DeputyDog: Japanese Entities Targeted in Cyberespionage Campaign". Security Affairs. Retrieved 2025-08-14.
2. CVE (2007). "CVE-2007-0671". CVE. Retrieved 2025-08-14.
3. BleepingComputer (2025). "WinRAR Zero-Day Flaw Exploited by RomCom Hackers in Phishing Attacks". BleepingComputer. Retrieved 2025-08-14.
4. ESET (2025). "WinRAR Vulnerability Exploited in Phishing Attacks to Deliver RomCom Malware". Security Affairs. Retrieved 2025-08-14.