CISA Adds Actively Exploited ConnectWise and Windows Vulnerabilities to Critical KEV Catalog

Updated: 4 hours ago

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, one affecting ConnectWise ScreenConnect and one affecting Microsoft Windows, to its Known Exploited Vulnerabilities (KEV) catalog. Inclusion in the catalog means these flaws are being actively exploited in the wild and pose an immediate threat to organizations.

Key Takeaways

  • CISA has added CVE-2024-1708 (ConnectWise ScreenConnect) and CVE-2026-32202 (Microsoft Windows) to its KEV catalog due to active exploitation.

  • Federal agencies are mandated to patch these vulnerabilities by specific deadlines.

  • The vulnerabilities could allow for remote code execution, data compromise, and spoofing attacks.

ConnectWise ScreenConnect Vulnerability

The vulnerability in ConnectWise ScreenConnect, identified as CVE-2024-1708, is a path traversal flaw with a CVSS score of 8.4. This vulnerability could enable an attacker to execute remote code or gain unauthorized access to confidential data and critical systems. ConnectWise released a fix for this issue in February 2024. Attacks exploiting CVE-2024-1708 have often been chained with CVE-2024-1709, a critical authentication bypass vulnerability. Microsoft has recently linked the exploitation of these combined flaws to a China-based threat actor deploying Medusa ransomware.

Microsoft Windows Vulnerability

The Microsoft Windows vulnerability, tracked as CVE-2026-32202, has a CVSS score of 4.3 and is classified as a protection mechanism failure in the Windows Shell. This flaw could allow an unauthorized attacker to perform spoofing over a network. CISA added the vulnerability to the KEV catalog after Microsoft acknowledged its active exploitation. Microsoft has not detailed the specific attacks, but the vulnerability stems from an incomplete patch for CVE-2026-21510, which was previously exploited as a zero-day alongside CVE-2026-21513 by the Russian hacking group APT28 in attacks targeting Ukraine and EU countries.

Mandates and Recommendations

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes for CVE-2024-1708 by May 12, 2026. CISA urges all organizations, including those in the private sector, to review the KEV catalog and prioritize the remediation of these actively exploited vulnerabilities to protect their networks from further compromise.
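
One way to act on that recommendation, as an added example that is not from CISA or the original article: match vulnerability scanner findings against the KEV feed and order them by remediation deadline. The feed excerpt, hostnames and findings are constructed; only the CVE IDs and the May 12, 2026 date for CVE-2024-1708 come from this article, and using the same date for CVE-2026-32202 is an assumption.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (real field names:
# "vulnerabilities", "cveID", "dueDate"). The 2026-05-12 date for CVE-2024-1708
# is from the article; reusing it for CVE-2026-32202 is an assumption.
KEV_FEED = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2024-1708", "dueDate": "2026-05-12"},
  {"cveID": "CVE-2026-32202", "dueDate": "2026-05-12"}]}""")

# Constructed scanner output; hostnames and CVE-0000-0001 are placeholders.
FINDINGS = [
    {"host": "srv-rmm-01", "cve": "CVE-2024-1708"},
    {"host": "srv-rmm-01", "cve": "CVE-2024-1708"},   # duplicate scan result
    {"host": "ws-114", "cve": " cve-2026-32202"},     # scanners vary in case/spacing
    {"host": "ws-115", "cve": "CVE-2026-32202"},
    {"host": "ws-115", "cve": "CVE-0000-0001"},       # not in the KEV excerpt
]

def kev_due_dates(feed):
    """Map normalized CVE ID -> due date from a KEV feed document."""
    return {v["cveID"].strip().upper(): date.fromisoformat(v["dueDate"])
            for v in feed.get("vulnerabilities", [])}

def triage(findings, feed, today):
    """Return KEV-listed findings grouped by CVE, most urgent first."""
    due = kev_due_dates(feed)
    hosts = {}
    for f in findings:
        cve = f["cve"].strip().upper()
        if cve in due:                       # ignore findings not in KEV
            hosts.setdefault(cve, set()).add(f["host"])
    rows = [{"cve": c, "due": due[c], "days_left": (due[c] - today).days,
             "overdue": due[c] < today, "hosts": sorted(h)}
            for c, h in hosts.items()]
    # Earliest deadline first; ties broken by number of affected hosts.
    return sorted(rows, key=lambda r: (r["due"], -len(r["hosts"]), r["cve"]))

if __name__ == "__main__":
    for r in triage(FINDINGS, KEV_FEED, date(2026, 5, 1)):
        state = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['cve']}  due {r['due']}  {state}  {', '.join(r['hosts'])}")
```

In production the `KEV_FEED` excerpt would be replaced by the current catalog JSON published by CISA, and `FINDINGS` by an export from the organization's own scanner.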

By staying vigilant and adopting safe browsing practices, users can significantly reduce their exposure to these evolving threats. As cyber threats continue to evolve, your security strategy needs to evolve with them. BetterWorld Technology delivers adaptive cybersecurity solutions designed to keep your business secure while supporting innovation. Connect with us today to schedule a personalized consultation.
