My TechDecisions

IT Infrastructure, Network Security, News

CISA Adds 95 New Bugs To Database Of Known Exploited Vulnerabilities

Some security bugs recently added to CISA's catalog of known exploited vulnerabilities are more than a decade old.

Leave a Comment

CISA Software Security
Tada Images/ Stock.adobe.com

There are 95 new known exploited vulnerabilities that IT and security professionals should immediately investigate and mitigate, including several that date back at least a decade, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The agency added the vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of exploitation in the wild. The security bugs added this week are frequent attack vectors for threat actors and post significant risk to not only government networks, but the private sector as well.

With the new additions, CISA’s catalog now includes 478 vulnerabilities that have been exploited in the wild.

The newly added vulnerabilities include newly discovered bugs in Cisco Small Business RV Series routers and other switches, Cisco’s IOS software, Microsoft Excel, Exchange Server, Adobe Flash Player, Linux Kernel and many others.

All of CISA’s new known exploited vulnerabilities added are currently patchable by following vendor instructions, according to CISA’s database.

While most of the bugs recently added are relatively new, many are older, with some dating back nearly 20 years, including Windows privilege Escalation vulnerabilities from 2002 and 2004. According to CISA’s full list, there are 23 known exploited vulnerabilities that are at least a decade old.

The bugs range in severity, but many are rated as high or critical, so organizations should make sure their systems are patched, especially for the older vulnerabilities listed.

Government agencies are required to patch the majority of the newly listed vulnerabilities by March 24, but there is a shorter deadline of March 17 for 27 of the bugs, eight of which come with CVSS score of at least 9.8, so they should be prioritized.

Those bugs with a shorter deadline include the Cisco Small Business RV series vulnerabilities, Microsoft Windows Installer, Apache Tomacat, Treck TCP/IP stack, Exim, Microsoft Excel, Microsoft Exchange Server, ChakraCore scripting engine, Cisco IOS software and Cisco Catalyst 4500 and 45000-X series switches.

Click here for CISA’s full list of known exploited vulnerabilities. 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ