CERT Advisories

CISA Flags Four Actively Exploited Vulnerabilities in KEV Catalog Update

2 min read. Source: CISA Cybersecurity Advisories
CVE-2008-0015

CISA adds four vulnerabilities with evidence of active exploitation to its Known Exploited Vulnerabilities Catalog, urging immediate remediation.

CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The update, issued on February 17, 2026, underscores the urgency for organizations to prioritize remediation efforts.

Technical Details of the Vulnerabilities

The newly listed vulnerabilities include:

  1. CVE-2008-0015 – A stack-based buffer overflow in the Microsoft Video ActiveX Control (msvidctl.dll), reachable from Internet Explorer through a crafted web page and allowing remote code execution in the context of the logged-on user. Microsoft addressed it in 2009 (MS09-032) by setting kill bits for the control rather than patching the binary, so systems where the kill bits were never applied or were later reverted remain exposed. This legacy flaw is back on the list because exploitation attempts against such systems continue.

  2. CVE-2024-21412 – A Microsoft Windows Internet Shortcut Files security feature bypass vulnerability. Exploiting this flaw enables attackers to bypass Mark-of-the-Web (MotW) protections, facilitating the delivery of malicious payloads via crafted .url files.

  3. CVE-2024-21410 – An elevation of privilege vulnerability in Microsoft Exchange Server exploitable through NTLM credential relay: an attacker who obtains a user's Net-NTLMv2 hash (for example by targeting an NTLM client such as Outlook) can relay it to the Exchange server and authenticate as that user. Microsoft's remediation is Exchange Server 2019 Cumulative Update 14, which enables Extended Protection for Authentication by default; on earlier builds Extended Protection must be enabled explicitly.

  4. CVE-2024-21413 – A remote code execution vulnerability in Microsoft Outlook in which a crafted hyperlink in an email bypasses Office Protected View. Microsoft notes that the Preview Pane is an attack vector, so the victim does not have to open an attachment. Successful exploitation lets the attacker execute arbitrary code in the context of the victim's user session.

Impact Analysis

Inclusion in the KEV Catalog means CISA has reliable evidence that the vulnerability is being exploited in the wild; the catalog itself does not attribute the activity, although flaws of this kind are routinely used by both state-aligned groups and ransomware operators. Organizations running unpatched Microsoft products, particularly Exchange Server, Outlook, and legacy Windows systems, face heightened risks of:

  • Unauthorized system access via RCE or privilege escalation.
  • Lateral movement within networks, leading to data exfiltration or ransomware deployment.
  • Bypass of security controls, such as MotW protections, enabling stealthy malware delivery.

Recommendations for Security Teams

CISA has mandated federal civilian executive branch (FCEB) agencies to remediate these vulnerabilities by March 10, 2026, in accordance with Binding Operational Directive (BOD) 22-01. Private sector organizations are strongly advised to:

  • Apply patches immediately for all affected Microsoft products, prioritizing internet-facing systems.
  • Review CISA’s KEV Catalog for additional context and mitigation guidance.
  • Monitor for activity associated with these CVEs: NTLM authentication to Exchange from clients that should not be using it and Exchange servers without Extended Protection enabled (CVE-2024-21410), .url files arriving by email or download (CVE-2024-21412), email hyperlinks that open Office content outside Protected View (CVE-2024-21413), and web content instantiating the Microsoft Video ActiveX control or kill bits for that control being reverted (CVE-2008-0015).
  • Enforce least-privilege access and segment critical systems to limit the impact of potential exploits.
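One concrete way to act on the recommendation to review the KEV Catalog is to consume its machine-readable feed rather than read it by hand. The script below is an added example, not CISA's code or part of this advisory: it parses the JSON shape CISA publishes for the catalog (field names such as `cveID`, `vendorProject`, `product`, `dueDate` and `knownRansomwareCampaignUse` are CISA's), matches entries against a local asset inventory, and reports the days remaining until each BOD 22-01 due date. The feed excerpt and the inventory are constructed sample data that reuse the article's dates; `KEV_FEED_URL` is the real feed location but is never fetched here, and exact vendor/product matching is a simplifying assumption, since KEV entries carry no version information.

```python
"""Triage CISA KEV catalog entries against a local asset inventory.

Added example, not CISA code. Parses the JSON document CISA publishes for
the KEV catalog and matches entries to an inventory of installed products.
"""
import json
from datetime import date

# Location of the live catalog. This script only parses text handed to it;
# fetching (and verifying TLS on) this URL is left to the caller.
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

# Constructed excerpt in the KEV JSON schema. Dates follow the article
# (added 2026-02-17, FCEB due 2026-03-10); descriptions are placeholders,
# not text from the live catalog.
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "dateReleased": "2026-02-17T12:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2024-21410", "vendorProject": "Microsoft",
         "product": "Exchange Server",
         "vulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability",
         "dateAdded": "2026-02-17", "shortDescription": "constructed placeholder",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2026-03-10", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2024-21412", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability",
         "dateAdded": "2026-02-17", "shortDescription": "constructed placeholder",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2026-03-10", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2024-21413", "vendorProject": "Microsoft", "product": "Outlook",
         "vulnerabilityName": "Microsoft Outlook Remote Code Execution Vulnerability",
         "dateAdded": "2026-02-17", "shortDescription": "constructed placeholder",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2026-03-10", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})

# Constructed inventory: hostname plus vendor/product as a CMDB might report it.
SAMPLE_INVENTORY = [
    {"host": "mail01", "vendor": "Microsoft", "product": "Exchange Server"},
    {"host": "ws-1138", "vendor": "microsoft", "product": "Windows"},
    {"host": "ws-1138", "vendor": "Microsoft", "product": "Outlook"},
    {"host": "db02", "vendor": "PostgreSQL", "product": "PostgreSQL"},
]


def load_kev(feed_text):
    """Parse a KEV JSON document into a dict keyed by CVE ID.

    The top-level "count" is cross-checked against the array length so a
    truncated download is rejected instead of silently shrinking the catalog.
    """
    doc = json.loads(feed_text)
    entries = {v["cveID"]: v for v in doc["vulnerabilities"]}
    if "count" in doc and doc["count"] != len(entries):
        raise ValueError("KEV count %r does not match %d entries"
                         % (doc["count"], len(entries)))
    return entries


def _norm(text):
    """Case- and whitespace-insensitive key for vendor/product comparison."""
    return " ".join(text.casefold().split())


def match_inventory(kev, inventory):
    """Yield (host, entry) pairs where an inventory row names a KEV product.

    Exact match after normalisation is an assumption for this example; KEV
    has no version fields, so a real pipeline must confirm the installed
    build against the vendor advisory before declaring a host affected.
    """
    by_product = {}
    for entry in kev.values():
        key = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        by_product.setdefault(key, []).append(entry)
    for row in inventory:
        for entry in by_product.get((_norm(row["vendor"]), _norm(row["product"])), []):
            yield row["host"], entry


def triage(feed_text, inventory, today_iso):
    """Build a remediation report sorted by urgency (fewest days left first)."""
    today = date.fromisoformat(today_iso)
    report = []
    for host, entry in match_inventory(load_kev(feed_text), inventory):
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        report.append({"host": host, "cve": entry["cveID"],
                       "product": entry["product"], "dueDate": entry["dueDate"],
                       "daysLeft": days_left, "overdue": days_left < 0,
                       "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown")})
    report.sort(key=lambda r: (r["daysLeft"], r["host"], r["cve"]))
    return report


if __name__ == "__main__":
    for r in triage(SAMPLE_FEED, SAMPLE_INVENTORY, "2026-02-20"):
        flag = "OVERDUE" if r["overdue"] else "%d days left" % r["daysLeft"]
        print("%-8s %-15s %-16s due %s (%s; ransomware use: %s)"
              % (r["host"], r["cve"], r["product"], r["dueDate"], flag, r["ransomware"]))
```

Run against the live feed by reading the downloaded file into `triage` in place of `SAMPLE_FEED`; the `count` check in `load_kev` is the one line worth keeping even in a throwaway version, because a partially written download otherwise looks like a smaller catalog.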

For further details, refer to CISA’s official alert.
