GRC Viewpoint

US Federal Agencies have to Ensure their Systems Are Secured Against a Linux Bug, Deadline is July 18

According to the latest announcement from CISA, all US federal agencies that fall under the Federal Civilian Executive Branch are required to secure their systems by the 18th of this month. The systems have to be secured against the PwnKit vulnerability.

CISA says the Linux vulnerability identified as CVE-2021-4034, also known as PwnKit, is a serious issue and that all federal agencies have to fix it by the given deadline.


The vulnerability was tracked in January this year, and on Monday CISA declared it a ‘must patch’ issue. The list of such vulnerabilities that need urgent attention is officially termed the ‘Known Exploited Vulnerabilities Catalog.’

Its inclusion in the list clearly indicates that the vulnerability has been exploited considerably, since CISA only adds such vulnerabilities to this list.


The flaw impacts Polkit, a component made for regulating system-wide privileges in several operating systems, such as Unix-like operating systems.

Although Red Hat controls Polkit, several Linux distributions also utilize this component.

The vulnerability is a memory corruption problem that can be exploited for privilege escalation: it enables unprivileged local users to raise their permissions to root.

Importantly, there are so far no public records of any exploitation of this vulnerability. However, as it features in the must-patch list, there have been many incidents surrounding it.

Evidence of exploitation of this vulnerability can also be found in log files. However, this is not always possible, as the activity often leaves no evidence.

 
