The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Windows kernel bug and an Adobe ColdFusion flaw to its Known Exploited Vulnerabilities (KEV) catalog.
The Windows kernel bug, tracked as CVE-2024-35250, can be exploited to gain SYSTEM privileges in low-complexity attacks without user interaction.
The Adobe ColdFusion flaw, tracked as CVE-2024-20767, allows unauthenticated remote threat actors to read sensitive files; exploitation requires the admin panel to be exposed to the internet.
Federal agencies have been given deadlines to apply the patches for these vulnerabilities or stop using the affected software.