Article Details

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - Last year, Microsoft acknowledged that CVE-2024-49035 had been exploited in the wild, but did not reveal any additional details on how it was weaponized in real-world attacks. There are currently no public reports about in-the-wild abuse of CVE-2023-34192. In light of the development, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the necessary updates by March 18, 2025, to secure their networks. The development comes a day after CISA added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.