The Cybersecurity and Infrastructure Security Agency has issued an urgent notice to federal agencies, setting a deadline of January 23 for mitigation efforts.
The Cybersecurity and Infrastructure Security Agency has identified and added two significant vulnerabilities to its Known Exploited Vulnerabilities catalogue.
CVE-2023-7024 was a critical vulnerability in the WebRTC component of Google Chrome, discovered in December 2023.
It allowed attackers to potentially exploit a heap buffer overflow via a specially crafted HTML page, ultimately gaining control of a victim's computer.
Google patched the vulnerability in December 2023, and it is no longer considered a threat to users who have updated their Chrome browser to the patched version.
It's important to keep your browser and other software up to date to protect yourself from future vulnerabilities.
CVE-2023-7101 is a critical vulnerability affecting Spreadsheet::ParseExcel, a Perl module used for parsing Excel files.
It exposes a remote code execution risk, allowing attackers to potentially take control of a vulnerable system through specially crafted Excel files.
The vulnerability allows attackers to upload a malicious Excel file to a vulnerable system.
The vulnerability can also be exploited via the evaluation of Number format strings, leading to arbitrary code execution on the system.
This could allow attackers to steal sensitive data, install malware, disrupt system operations and take complete control of the affected system.
Systems running software that depends on Spreadsheet::ParseExcel version 0.65 are currently exposed to this security risk.
This vulnerability extends its reach to various applications and frameworks developed with Perl, thereby potentially affecting a broad spectrum of systems.
A patched version, 0.66, has been released by MetaCPAN to address the identified vulnerability.
As a precautionary measure, users are strongly advised to promptly update to this patched version.
In cases where immediate updating is not feasible, it is recommended to implement mitigating measures such as restricting file uploads or disabling the functionality associated with Spreadsheet::ParseExcel.
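To act on the update advice, the first step is finding every copy of the module, including ones bundled inside applications. The following audit script is an added example, not code from the article or from the Spreadsheet::ParseExcel project; it assumes the module declares its version in a conventional Perl `$VERSION = '...'` line, treats anything below the patched 0.66 as needing an update, and uses `/usr` and `/opt` as placeholder default search roots.

```python
"""Audit a directory tree for copies of Spreadsheet::ParseExcel older than 0.66."""
import os
import re
import sys
from decimal import Decimal

PATCHED = Decimal("0.66")  # patched release named in the article
# Assumption: the version is declared the usual Perl way, e.g.  our $VERSION = '0.65';
VERSION_RE = re.compile(r"""\$VERSION\s*=\s*['"]?(\d+(?:\.\d+)?)""")


def parse_version(source_text):
    """Return the module version as a Decimal, or None if no $VERSION line is found."""
    match = VERSION_RE.search(source_text)
    return Decimal(match.group(1)) if match else None


def classify(version):
    """Map a parsed version to 'vulnerable', 'patched' or 'unknown' (review by hand)."""
    if version is None:
        return "unknown"
    # Perl compares these versions as decimals, so 0.65 < 0.66 is a numeric test.
    return "vulnerable" if version < PATCHED else "patched"


def scan(roots):
    """Walk each root and report every Spreadsheet/ParseExcel.pm found, vendored copies included."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if "ParseExcel.pm" not in files or os.path.basename(dirpath) != "Spreadsheet":
                continue
            path = os.path.join(dirpath, "ParseExcel.pm")
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    version = parse_version(handle.read())
            except OSError:
                version = None  # unreadable file: surface it as 'unknown'
            findings.append((path, version, classify(version)))
    return findings


if __name__ == "__main__":
    # Default roots are placeholders; pass the application and library paths to audit.
    results = scan(sys.argv[1:] or ["/usr", "/opt"])
    for path, version, status in results:
        print(f"{status:10} {version or '?':6} {path}")
    # A non-zero exit lets a scheduled job or CI step fail on unpatched copies.
    sys.exit(1 if any(status != "patched" for _p, _v, status in results) else 0)
```

Any copy reported as `vulnerable` or `unknown` belongs to an application that should be updated or have its Excel-parsing path restricted, as described above.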
CISA has issued an urgent notice to federal agencies, setting a deadline of January 23 for mitigation efforts.
Agencies are instructed to follow vendor guidelines for resolving these vulnerabilities promptly or cease the use of the affected products.
This Cyber News was published on www.hackread.com. Publication date: Thu, 04 Jan 2024 13:43:05 +0000