The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting the Linux kernel, Android devices, Microsoft Windows Shell, and ConnectWise ScreenConnect to its Known Exploited Vulnerabilities (KEV) catalog, according to a report by Security Affairs.

KEV catalog additions are significant because they confirm that the listed vulnerabilities are being actively exploited in the wild. For U.S. federal civilian agencies, inclusion triggers binding operational directives requiring remediation within specific deadlines. For the broader private sector, the catalog functions as a de facto prioritisation standard that security teams worldwide use to triage the most urgent threats.

Linux Kernel and Android Flaws

The Linux kernel vulnerabilities are particularly noteworthy given the kernel's ubiquity across cloud infrastructure, enterprise servers, embedded devices, and billions of Android handsets. Any kernel-level flaw confirmed as actively exploited puts a vast range of systems at risk.

The Android-related additions compound this concern. Security updates for Android depend heavily on device manufacturers and carriers, meaning many devices in the field may remain vulnerable long after patches become available upstream.

ConnectWise ScreenConnect

ConnectWise ScreenConnect, a remote access tool widely used by managed service providers (MSPs), has a history of being targeted by threat actors. Compromising a single MSP's ScreenConnect deployment can potentially expose dozens or hundreds of downstream client environments, making any KEV-listed flaw in the platform an urgent concern for the MSP ecosystem.

Windows Shell

The Windows Shell flaw adds to the list, serving as a reminder that core operating system components remain attractive targets for attackers given Windows' dominance in enterprise environments.

What Security Teams Should Do

For organisations looking to act on this update, the practical steps are:

  • Verify patch status across all systems running the affected software, prioritising internet-facing and high-value assets.
  • Assess ScreenConnect exposure specifically, given the platform's history of exploitation.
  • Automate KEV ingestion into existing vulnerability management pipelines so that future catalog additions trigger immediate review rather than relying on manual monitoring.
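A minimal sketch of the KEV ingestion step above, added here as an illustration and not taken from the report or from CISA. It assumes the field names of CISA's published KEV JSON feed (`cveID`, `vendorProject`, `product`, `dueDate`); the CVE IDs are placeholders, and the sample feed, inventory layout and function names are constructed for the example.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. CVE IDs and dates are placeholders.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Linux", "product": "Kernel",
     "dateAdded": "2025-01-10", "dueDate": "2025-01-31"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ConnectWise", "product": "ScreenConnect",
     "dateAdded": "2025-01-10", "dueDate": "2025-01-24"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2024-12-01", "dueDate": "2024-12-22"},
    {"vendorProject": "Broken", "product": "Entry"},  # malformed: no cveID, skipped
]})

# Hypothetical asset inventory: (host, vendor, product, internet_facing).
INVENTORY = [
    ("db01", "linux", "kernel", False),
    ("rmm-gw", "connectwise", "screenconnect", True),
    ("hr-laptop", "microsoft", "windows", False),
]

def new_entries(feed_json, seen_ids):
    """Return KEV entries whose cveID has not been reviewed yet."""
    vulns = json.loads(feed_json).get("vulnerabilities", [])
    return [v for v in vulns if v.get("cveID") and v["cveID"] not in seen_ids]

def triage(entries, inventory, today):
    """Match new entries to assets; internet-facing first, then earliest due date."""
    tickets = []
    for v in entries:
        key = (v.get("vendorProject", "").lower(), v.get("product", "").lower())
        for host, vendor, product, exposed in inventory:
            if (vendor, product) == key:
                due = date.fromisoformat(v["dueDate"])
                tickets.append({"cve": v["cveID"], "host": host, "exposed": exposed,
                                "days_left": (due - today).days})
    return sorted(tickets, key=lambda t: (not t["exposed"], t["days_left"]))

def run(feed_json, seen_ids, inventory, today):
    """One ingestion pass: diff against reviewed IDs, then build the review queue."""
    fresh = new_entries(feed_json, seen_ids)
    seen_ids.update(v["cveID"] for v in fresh)  # persist this set between runs
    return triage(fresh, inventory, today)

if __name__ == "__main__":
    for ticket in run(SAMPLE_FEED, {"CVE-0000-0003"}, INVENTORY, date(2025, 1, 13)):
        print(ticket)
```

Exact vendor and product string matching is a simplification; a production pipeline would join on the CVE IDs reported by its scanner or on normalised product identifiers.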

While the binding remediation deadlines apply only to U.S. federal agencies, security professionals globally — including those in Hong Kong and across the Asia-Pacific region — would be well served by treating the KEV catalog as a critical input to their threat prioritisation frameworks.

