The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently identified and added two critical security vulnerabilities that have been actively exploited by threat actors. These vulnerabilities affect ConnectWise ScreenConnect and Microsoft Windows systems, posing significant risks to data security and system integrity.
Here are the details of the vulnerabilities:
- CVE-2024-1708 (CVSS score: 8.4) – This vulnerability in ConnectWise ScreenConnect allows attackers to execute remote code or access confidential data and critical systems. The issue was addressed in February 2024.
- CVE-2026-32202 (CVSS score: 4.3) – A vulnerability in Microsoft Windows Shell that could be exploited for spoofing over a network. Microsoft released a fix for this vulnerability in April 2026.
The inclusion of CVE-2026-32202 in the Known Exploited Vulnerabilities (KEV) catalog follows reports of active exploitation of this security flaw. Microsoft recently updated its advisory to acknowledge the ongoing attacks targeting this vulnerability.
While specific details of the exploits are not disclosed by Microsoft, it is believed that CVE-2026-32202 originated from an incomplete patch related to CVE-2026-21510. This vulnerability was previously exploited by the Russian hacking group APT28 alongside CVE-2026-21513 in attacks against Ukraine and E.U. countries since December 2025.
On the other hand, attacks leveraging CVE-2024-1708 have been linked to CVE-2024-1709 (CVSS score: 10.0), a critical authentication bypass vulnerability. Threat actors, including a China-based group known as Storm-1175, have exploited these vulnerabilities in conjunction, leading to attacks deploying Medusa ransomware.
It’s important to note that CISA added CVE-2024-1709 to the KEV catalog in February 2024. Federal agencies are mandated to apply necessary patches by May 12, 2026, to enhance the security of their networks and mitigate the risks posed by these vulnerabilities.
