CISA Identifies Active Vulnerabilities in ConnectWise and Windows Systems

CISA has added two high-severity vulnerabilities to its KEV catalog: a ConnectWise remote code execution flaw caused by poor authentication and a Windows kernel privilege escalation that is being actively exploited. Patches are available for both issues, but many systems remain unpatched, so administrators are strongly urged to apply updates immediately to mitigate significant risk.