The US Cybersecurity & Infrastructure Security Agency (CISA) has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. It says there is evidence of active exploitation of all of these vulnerabilities. According to CISA, “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.”
For each of the vulnerabilities, CISA has added a remediation date. It is the date by which those government entities that it lists as being part of the “federal enterprise” must patch. The 95 entries have a range of patch-by dates. The most urgent must be patched by March 17, with the rest patched by March 24.
What’s on the list?
The list of new vulnerabilities makes for interesting reading. Many of the most urgent vulnerabilities that need to be patched by March 17 affect Cisco routers and its IOS software. The majority are attacks that can lead to elevated privileges, execution of arbitrary commands and the bypass of authentication mechanisms.
Microsoft Windows, Exchange Server and Excel also have fixes to be applied by March 17. These are a mix of privilege elevation risks and remote code execution.
Looking further out to March 24, Microsoft, Adobe, Cisco and Oracle dominate the list of fixes that need to be applied.
What is also important here is that the vast majority of these are NOT new CVEs. Many are several years old with one of the Microsoft vulnerabilities such as CVE-2002-0367 from 2002. That CISA has to issue warnings for vulnerabilities that old raises questions as to how poorly patched the federal enterprise is.
Enterprise Times: What does this mean?
Patching vulnerabilities that are already being exploited is something organisations should be jumping on. While the CISA list is aimed at the US federal enterprise, this list also has real significance for all organisations.
What is surprising about this list is how many new vulnerabilities have been added in one go. One reason for this could be a sudden surge in 0-day attacks being weaponised. Another reason could be the widespread number of attacks across organisations of all sizes taking place due to the Russian invasion of Ukraine.
No matter what the reason is, organisations should act now.