Apr 29 / Latest News

CISA Sounds Alarm: Active Exploits Found in Windows and ConnectWise Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has officially expanded its Known Exploited Vulnerabilities (KEV) catalog, adding two high-risk flaws currently being weaponized by cybercriminals. The move mandates that Federal Civilian Executive Branch (FCEB) agencies prioritize patches for these vulnerabilities to mitigate immediate risks to national security and data integrity. The newly listed threats impact ConnectWise ScreenConnect and Microsoft Windows, highlighting a persistent trend of attackers targeting both remote management tools and core operating system components.

The first flaw, CVE-2024-1708, is a path traversal vulnerability in ConnectWise ScreenConnect with a high CVSS severity score of 8.4. It allows an attacker to execute code remotely or directly impact confidential data and critical systems. Although a fix was released in February 2024, the vulnerability remains a potent weapon when chained with other flaws. Microsoft recently attributed active exploitation of this bug to Storm-1175, a China-based threat actor known for deploying Medusa ransomware.

The second vulnerability, CVE-2026-32202, involves a protection mechanism failure in the Microsoft Windows Shell with a CVSS score of 4.3. While its severity rating is lower, the flaw allows unauthorized attackers to perform network-based spoofing. Its addition to the KEV catalog follows a confirmation from Microsoft that the flaw is under active exploitation. Security researchers at Akamai have noted that this vulnerability stems from an incomplete patch for an earlier bug, which has been leveraged by the Russian hacking group APT28 in campaigns targeting Ukraine and European Union countries since late 2025.

Under Binding Operational Directive 22-01, federal agencies are legally required to remediate these specific vulnerabilities to secure their networks. CISA has set a strict deadline of May 12, 2026, for agencies to apply the necessary fixes. Beyond the federal mandate, cybersecurity experts strongly urge private sector organizations to update their systems immediately, as state-sponsored actors and ransomware groups continue to actively scan for these specific weaknesses to gain unauthorized access to critical infrastructure.