CISA Flags Two Actively Exploited Vulnerabilities in KEV Catalog Update
CISA adds CVE-2024-21412 and CVE-2023-29360 to its Known Exploited Vulnerabilities Catalog following confirmed in-the-wild attacks.
CISA Updates KEV Catalog with Two New Actively Exploited Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The update, issued on February 20, 2026, underscores the urgency for federal agencies and organizations to apply mitigations promptly.
Technical Details of the Vulnerabilities
- CVE-2024-21412 (CVSS: 8.1) – Microsoft Windows Internet Shortcut Files Security Feature Bypass
  - Affected Software: Microsoft Windows
  - Vulnerability Type: Security feature bypass via malicious Internet Shortcut (.URL) files
  - Exploitation Vector: Attackers can craft specially designed .URL files to bypass Mark of the Web (MotW) protections, allowing malicious scripts to execute without security warnings.
  - Impact: Successful exploitation could lead to arbitrary code execution with user-level privileges, enabling further compromise of affected systems.
- CVE-2023-29360 (CVSS: 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege
  - Affected Software: Microsoft Windows Streaming Service Proxy
  - Vulnerability Type: Local privilege escalation
  - Exploitation Vector: A low-privileged attacker with access to a vulnerable system can exploit a flaw in the Streaming Service Proxy to escalate privileges to SYSTEM level.
  - Impact: This vulnerability could allow attackers to gain full control over a compromised host, facilitating lateral movement or persistence within a network.
Impact Analysis
Both vulnerabilities are being actively exploited, posing significant risks to unpatched systems. CVE-2024-21412 is particularly concerning due to its potential for initial access via phishing or drive-by download attacks, while CVE-2023-29360 could be chained with other exploits to achieve full system compromise. Federal agencies under CISA’s Binding Operational Directive (BOD) 22-01 are required to remediate these flaws by March 13, 2026, though all organizations are strongly encouraged to prioritize patching.
Recommendations
- Apply Patches Immediately: Organizations should deploy Microsoft’s official patches for CVE-2024-21412 and CVE-2023-29360 without delay.
- Enforce MotW Protections: For CVE-2024-21412, ensure Mark of the Web (MotW) security features are enabled and properly configured to block malicious .URL files.
- Monitor for Exploitation: Implement network and endpoint detection rules to identify potential exploitation attempts, such as unusual process execution or privilege escalation activity.
- Review CISA’s KEV Catalog: Regularly consult the KEV Catalog for updates on actively exploited vulnerabilities and prioritize remediation accordingly.
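One way to act on the last recommendation is to join the KEV feed against open scanner findings and rank them by remediation deadline. The Python below is an added example, not code from the article or from CISA. The field names follow CISA's published KEV JSON feed; the host names, the scanner export shape, the `CVE-0000-00000` placeholder and the `warn_days` threshold are assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed; the CVE IDs and
# dates are the ones stated in the article, the rest is illustrative.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-21412", "vendorProject": "Microsoft", "product": "Windows",
   "dateAdded": "2026-02-20", "dueDate": "2026-03-13"},
  {"cveID": "CVE-2023-29360", "vendorProject": "Microsoft",
   "product": "Streaming Service Proxy",
   "dateAdded": "2026-02-20", "dueDate": "2026-03-13"}
]}
""")

# Hypothetical scanner export: host -> CVE IDs still unpatched on that host.
SAMPLE_FINDINGS = {
    "ws-014": ["CVE-2024-21412", "CVE-0000-00000"],  # second ID is a placeholder
    "srv-db2": ["cve-2023-29360", "CVE-2024-21412"],  # scanners vary in case
    "ws-031": ["CVE-0000-00000"],
}

def kev_backlog(catalog, findings, today, warn_days=7):
    """Return open findings that appear in the KEV catalog, most urgent first."""
    kev = {v["cveID"].upper(): v for v in catalog.get("vulnerabilities", [])}
    rows = []
    for host, cves in findings.items():
        for cve in sorted({c.strip().upper() for c in cves}):
            entry = kev.get(cve)
            if entry is None:
                continue  # not in KEV; left to the normal patch cycle
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            if days_left < 0:
                status = "OVERDUE"
            elif days_left <= warn_days:
                status = "DUE_SOON"
            else:
                status = "OPEN"
            rows.append({"host": host, "cve": cve, "due": entry["dueDate"],
                         "days_left": days_left, "status": status})
    # Sort by urgency, then host and CVE so output is stable between runs.
    rows.sort(key=lambda r: (r["days_left"], r["host"], r["cve"]))
    return rows

if __name__ == "__main__":
    for r in kev_backlog(SAMPLE_KEV, SAMPLE_FINDINGS, today=date(2026, 3, 10)):
        print(f'{r["status"]:<9}{r["days_left"]:>4}d  {r["host"]:<8} {r["cve"]}')
```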
CISA’s addition of these vulnerabilities to the KEV Catalog highlights the critical need for proactive vulnerability management in enterprise environments. Failure to address these flaws could expose organizations to targeted attacks by advanced threat actors.