CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security flaws—one affecting ConnectWise ScreenConnect and the other targeting Microsoft Windows—to its Known Exploited Vulnerabilities (KEV) catalog, signaling that both vulnerabilities are being actively weaponized in the wild. The ConnectWise flaw, a path-traversal vulnerability (CVE-2024-1709), allows unauthenticated attackers to overwrite critical files on the ScreenConnect server, while the Windows issue (CVE-2024-21412) exploits the Mark-of-the-Web security feature to execute arbitrary code via malicious documents. Both flaws have been observed in ongoing attacks, prompting CISA to issue an emergency directive for federal agencies to remediate them within 21 days.
CISA’s inclusion of these vulnerabilities in the KEV underscores the heightened risk they pose to organizations that rely on ConnectWise’s remote‑management platform and Windows endpoints. The agency’s Known Exploited Vulnerabilities catalog is designed to focus remediation efforts on flaws that are known to have been used in real‑world incidents, and federal agencies are required to remediate listed vulnerabilities promptly to reduce the attack surface. Security researchers have linked the ConnectWise flaw to ransomware operators and other threat actors who target managed service providers (MSPs) as an entry point into downstream client networks.
Organizations are advised to apply the latest patches from ConnectWise and Microsoft immediately, verify that the patches have been successfully installed, and monitor for any signs of exploitation such as unexpected file modifications or abnormal authentication events. CISA, in coordination with the FBI, also recommends implementing network segmentation, enforcing least‑privilege access, and ensuring that backup procedures are intact to mitigate the impact of potential ransomware deployments. Continued vigilance and rapid patching remain critical as the threat landscape evolves.
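The KEV-driven prioritization described above can be automated. The following Python example is added here and is not CISA's or the article's code: it matches a constructed catalog in the shape of the KEV JSON feed against a hypothetical scanner inventory and ranks open findings by remediation deadline. The dates, host names and the `CVE-0000-0001` placeholder are constructed, and the 21-day fallback is the window stated in this article.

```python
import json
from datetime import date, timedelta

REMEDIATION_WINDOW_DAYS = 21  # remediation window stated in the article

# Constructed sample shaped like CISA's KEV JSON feed; dates are placeholders.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-1709", "vendorProject": "ConnectWise",
   "product": "ScreenConnect", "dateAdded": "2024-01-01"},
  {"cveID": "CVE-2024-21412", "vendorProject": "Microsoft",
   "product": "Windows", "dateAdded": "2024-01-10", "dueDate": "2024-01-31"}
]}
""")

# Hypothetical scanner export: host -> CVEs still unpatched on that host.
# CVE-0000-0001 is a constructed placeholder for a finding that is not in KEV.
INVENTORY = {
    "msp-rmm-01": ["CVE-2024-1709", "CVE-0000-0001"],
    "wks-114": ["CVE-2024-21412"],
    "wks-200": [],
}

def kev_deadlines(catalog):
    """Map each KEV CVE to its remediation deadline."""
    deadlines = {}
    for v in catalog["vulnerabilities"]:
        if v.get("dueDate"):
            due = date.fromisoformat(v["dueDate"])
        else:  # no explicit due date: dateAdded plus the stated window
            due = date.fromisoformat(v["dateAdded"]) + timedelta(days=REMEDIATION_WINDOW_DAYS)
        deadlines[v["cveID"]] = due
    return deadlines

def triage(catalog, inventory, today):
    """Return (host, cve, due, days_left, status) for open KEV findings, most urgent first."""
    deadlines = kev_deadlines(catalog)
    rows = []
    for host, cves in inventory.items():
        for cve in cves:
            if cve not in deadlines:
                continue  # not in KEV: left to the normal patch cycle
            left = (deadlines[cve] - today).days
            rows.append((host, cve, deadlines[cve], left, "OVERDUE" if left < 0 else "OPEN"))
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    for row in triage(KEV_SAMPLE, INVENTORY, date(2024, 1, 25)):
        print(*row)
```
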