

Ethical Hacking News

U.S. Cybersecurity Agency Issues Warning on Exploitable Vulnerabilities: A Call to Action for Organizations



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog, emphasizing the need for organizations to stay vigilant in protecting against known exploits.

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog.
  • CISA is urging organizations to review their infrastructure and address identified vulnerabilities by the relevant due dates.
  • A critical flaw in FortiSIEM is currently under active exploitation, highlighting the importance of timely patching and updates for all organizations utilizing security solutions like SIEMs.
  • Charon Ransomware has been targeting the Middle East with APT attack methods, underscoring the ever-present threat landscape.



    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. This move is a stark reminder of the ever-present threat landscape that organizations face when it comes to cybersecurity.

    According to CISA's latest update, the addition of these vulnerabilities highlights the importance of staying vigilant in protecting against known exploits. The KEV catalog serves as a critical resource for federal agencies and private sector organizations alike, providing them with essential information on identified vulnerabilities that pose significant risks.

    At the heart of this announcement is the CVE-2013-3893 vulnerability in Microsoft Internet Explorer (MSIE) 6 through 11. This particular flaw allows remote attackers to run arbitrary code via crafted JavaScript, specifically by exploiting a use-after-free issue in mshtml.dll's SetMouseCapture functionality. The consequences of this vulnerability can be dire, as demonstrated by the Operation DeputyDog attack against Japanese entities in September 2013, which took advantage of this zero-day exploit.

    Furthermore, CVE-2007-0671 pertains to an unspecified issue in Microsoft Excel 2000, XP, 2003, and 2004 for Mac that could enable remote, user-assisted attackers to execute code. This vulnerability's implications are equally concerning, as it has been the target of zero-day attacks.

    Lastly, CVE-2025-8088 pertains to a directory traversal bug in WinRAR version 7.13. Although patched in the latest version, this flaw remains a concern for organizations using older versions of the software. Attackers have already exploited this vulnerability through phishing campaigns, leveraging it to deliver RomCom malware and compromise systems.

    Given these recent additions to the KEV catalog, experts emphasize the need for organizations to review their infrastructure and address identified vulnerabilities by the relevant due dates. CISA has ordered federal agencies to fix these vulnerabilities by September 2, 2025, further underscoring the urgency of this issue.
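
    A minimal sketch of the review described above, added here as an example and not taken from the article or from CISA: it matches scanner findings against a KEV-format excerpt and ranks them by time left before the due date. The catalog excerpt is constructed (it uses the `cveID`, `product` and `dueDate` fields of CISA's KEV JSON feed with the three CVEs and the September 2, 2025 date named above); the hostnames, the findings and the `triage` helper are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt in the field layout of CISA's KEV JSON feed.
# CVE IDs, product names and the due date are the ones named in the article.
KEV_EXCERPT = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2013-3893", "product": "Internet Explorer", "dueDate": "2025-09-02"},
  {"cveID": "CVE-2007-0671", "product": "Office Excel", "dueDate": "2025-09-02"},
  {"cveID": "CVE-2025-8088", "product": "WinRAR", "dueDate": "2025-09-02"}
]}
""")

# Constructed scanner output: (host, CVE id) pairs. Hostnames are hypothetical,
# and CVE-0000-00000 is a placeholder for a finding that is not in the catalog.
FINDINGS = [
    ("ws-0142", "CVE-2025-8088"),
    ("ws-0077", "cve-2013-3893 "),   # scanners differ in case and whitespace
    ("srv-0009", "CVE-0000-00000"),
]

def triage(findings, kev, today, warn_days=7):
    """Return KEV-listed findings, most urgent first, with a status each."""
    due = {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        cve = cve.strip().upper()        # normalise before the lookup
        if cve not in due:
            continue                     # not in KEV: normal patch cycle
        days_left = (due[cve] - today).days
        if days_left < 0:
            status = "OVERDUE"
        elif days_left <= warn_days:
            status = "DUE_SOON"
        else:
            status = "OPEN"
        rows.append({"host": host, "cve": cve,
                     "days_left": days_left, "status": status})
    # Fewest days left first; host name breaks ties so output is stable.
    return sorted(rows, key=lambda r: (r["days_left"], r["host"]))

if __name__ == "__main__":
    for row in triage(FINDINGS, KEV_EXCERPT, today=date.today()):
        print(f'{row["status"]:9} {row["days_left"]:>5}d  {row["host"]}  {row["cve"]}')
```
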

    Fortinet warns that a critical flaw in FortiSIEM is currently under active exploitation, highlighting the importance of timely patching and updates for all organizations utilizing security solutions like SIEMs. Additionally, Charon Ransomware has been targeting the Middle East with APT attack methods, underscoring the ever-present threat landscape.

    In light of these recent announcements, it is imperative that organizations prioritize their cybersecurity posture by addressing identified vulnerabilities and maintaining a proactive stance against emerging threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/US-Cybersecurity-Agency-Issues-Warning-on-Exploitable-Vulnerabilities-A-Call-to-Action-for-Organizations-ehn.shtml

  • https://securityaffairs.com/181110/hacking/u-s-cisa-adds-microsoft-internet-explorer-microsoft-office-excel-and-winrar-flaws-to-its-known-exploited-vulnerabilities-catalog.html


  • Published: Wed Aug 13 19:45:45 2025 by llama3.2 3B Q4_K_M












