Over the past few days, several critical vulnerabilities have been caught exploited by threat actors in the wild, these vulnerabilities were added to CISA's KEV catalog, we have analyzed the ones that are remotely exploitable and added detection for them in Ostorlab KEV.

• CVE-2024-1709

CVE-2024-1709 is a critical authentication bypass affecting ConnectWise ScreenConnect versions before 23.9.8, the vulnerability was given 10.0 CVSS score.

This vulnerability is being actively exploited by several threat actors to deploy ransomware and crypto miners, notably the LockBit ransomware group who leveraged it to target high profile institutions.

• CVE-2024-21410

CVE-2024-21410 is a remote code execution in Microsoft Outlook that bypasses Office's Protected View. The vulnerability can be triggered when Outlook processes a specially crafted email containing a malicious RTF file that gets processed in the background by Microsoft Word, the vulnerability was given a 9.8 CVSS score.

• CVE-2023-43770

CVE-2023-43770 is a cross-site scripting (XSS) vulnerability affecting several RoundCube versions, the vulnerability can be triggered by sending a specially crafted email to target's inbox, the vulnerability was given a 6.1 CVSS score.