Fixed Intel
Aggregated IntelIndustry News

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

The security defects allow attackers to escalate privileges and execute arbitrary code remotely.

FIFixed Intel Team||2 min read|2 Views
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

Aggregated from SecurityWeek

This article was automatically aggregated from an external source. Content may be summarized.

Read Original

Full Analysis

The US cybersecurity agency CISA on Monday expanded its Known Exploited Vulnerabilities (KEV) catalog with seven vulnerabilities, including two Windows bugs.

Tracked as CVE-2023-36424, the first of the Windows flaws is described as a common log file driver issue that could lead to privilege escalation.

Microsoft released patches for the vulnerability in November 2023, and technical details and proof-of-concept (PoC) code targeting it were published the next month.

The second Windows weakness added to the KEV list is CVE-2025-60710, described as a link-following vulnerability in the host process for Windows Tasks that could be exploited for privilege escalation.

Patches for the security defect were released in November 2025, and PoC exploit code was made available shortly after.

There appear to be no reports of these flaws being exploited in the wild prior to CISA’s warning. The same applies to CVE-2020-9715, a use-after-free bug in Adobe Acrobat and Reader leading to arbitrary code execution.

Advertisement. Scroll to continue reading.

The bug was patched in August 2020, and PoC code targeting it has been publicly available for years.

On Monday, CISA also added to the KEV list CVE-2023-21529, an Exchange weakness flagged as exploited by Microsoft last week in a report detailing the Medusa ransomware gang’s recent activity.

Other new additions to the KEV list include CVE-2026-34621 and CVE-2026-21643, recently disclosed issues in Adobe Acrobat and Reader, and Fortinet FortiClient EMS that have been exploited as zero-days. Both defects allow remote attackers to execute arbitrary code on vulnerable systems.

Additionally, CISA warned that CVE-2012-1854, an insecure library-loading vulnerability in Microsoft Visual Basic for Applications that enables remote code execution (RCE), has been in attackers’ crosshairs.

The security defect was patched in November 2012, when Microsoft warned that it had been exploited in the wild as a zero-day.

CISA urges federal agencies to apply fixes for these vulnerabilities within two weeks, except for the Fortinet bug, which should be patched by April 16.

Related: Critical Marimo Flaw Exploited Hours After Public Disclosure

Related: TrueConf Zero-Day Exploited in Asian Government Attacks

Related: React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Related: F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Originally published by SecurityWeek

Original Source

SecurityWeek