On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) made a significant update to its Known Exploited Vulnerabilities (KEV) catalog by adding two crucial security flaws that impact ConnectWise ScreenConnect and Microsoft Windows. This decision was based on evidence demonstrating that these vulnerabilities are actively being exploited in the wild, signaling potential threats to users and organizations alike.
The two vulnerabilities added to the catalog are:
- CVE-2024-1708 (CVSS score: 8.4) – This vulnerability is categorized as a path traversal flaw in ConnectWise ScreenConnect. It has the potential to enable an attacker to execute arbitrary code remotely, putting confidential data and critical systems at risk. This particular flaw was addressed in February 2024, but the risk associated with it persists as exploits materialize.
- CVE-2026-32202 (CVSS score: 4.3) – Identified as a protection mechanism failure vulnerability within the Microsoft Windows Shell, this issue can allow unauthorized attackers to engage in network spoofing. While Microsoft has worked to resolve this issue, as noted in a fix released in April 2026, the threat remains due to recent active exploitation.
The timing of adding CVE-2026-32202 to the KEV catalog is noteworthy. The day before CISA’s announcement, Microsoft updated its advisory regarding this flaw, acknowledging that it had come under active use by malicious entities. However, Microsoft has not provided detailed information on the specific nature of the attacks exploiting this vulnerability. This lack of information has led security experts, particularly from Akamai, to suggest that the vulnerability originated from an incomplete patch associated with CVE-2026-21510. The same set of exploits has been attributed to the Russian hacking group APT28, which has targeted Ukraine and various European Union countries since December 2025.
In contrast to CVE-2026-32202, attacks leveraging CVE-2024-1708 have been linked to a more extensive chain of vulnerabilities. Notably, these exploits have been coupled with CVE-2024-1709, which has a critical CVSS score of 10.0 for its authentication bypass capabilities. Multiple threat actors have previously utilized these vulnerabilities in their attacks. Recently, Microsoft has identified a connection between these exploitations and a China-based threat actor, referred to as Storm-1175. This group has reportedly employed the vulnerabilities in attacks aimed at deploying Medusa ransomware, further underscoring the ongoing and evolving threat landscape.
To provide perspective on these developments, it is noteworthy that CVE-2024-1709 was previously added to the KEV catalog on February 22, 2024. This action underlines the increasing importance placed on ensuring the security of federal systems. Agencies within the Federal Civilian Executive Branch (FCEB) are mandated to apply necessary patches and fixes by May 12, 2026, to safeguard their networks against potential breaches stemming from these vulnerabilities.
The implications of these vulnerabilities are considerable. Organizations that fail to address these security flaws or that remain unaware of their existence could be opening their systems to possible exploitation, resulting in data breaches or unauthorized access to sensitive information. The evolving nature of these threats suggests that continuous vigilance, monitoring, and prompt patching of security vulnerabilities remain essential components of any cybersecurity strategy.
As the cybersecurity industry grapples with these emerging threats, individuals and organizations are reminded of the importance of adhering to CISA updates and advisories. In an environment where cyber threats are becoming increasingly sophisticated and robust, proactive measures can serve as the frontline defense against malicious attacks. Therefore, it is crucial for organizations, especially those within critical infrastructure sectors, to stay informed and take decisive actions in response to vulnerabilities identified and cataloged by CISA and other cybersecurity authorities. This ongoing commitment not only protects vital information systems but also contributes to the broader landscape of national cybersecurity resilience.

