There are 95 new known exploited vulnerabilities that IT and security professionals should immediately investigate and mitigate, including several that date back at least a decade, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The agency added the vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of exploitation in the wild. The security bugs added this week are frequent attack vectors for threat actors and post significant risk to not only government networks, but the private sector as well.
With the new additions, CISA’s catalog now includes 478 vulnerabilities that have been exploited in the wild.
The newly added vulnerabilities include newly discovered bugs in Cisco Small Business RV Series routers and other switches, Cisco’s IOS software, Microsoft Excel, Exchange Server, Adobe Flash Player, Linux Kernel and many others.
All of CISA’s new known exploited vulnerabilities added are currently patchable by following vendor instructions, according to CISA’s database.
While most of the bugs recently added are relatively new, many are older, with some dating back nearly 20 years, including Windows privilege Escalation vulnerabilities from 2002 and 2004. According to CISA’s full list, there are 23 known exploited vulnerabilities that are at least a decade old.
The bugs range in severity, but many are rated as high or critical, so organizations should make sure their systems are patched, especially for the older vulnerabilities listed.
Government agencies are required to patch the majority of the newly listed vulnerabilities by March 24, but there is a shorter deadline of March 17 for 27 of the bugs, eight of which come with CVSS score of at least 9.8, so they should be prioritized.
Those bugs with a shorter deadline include the Cisco Small Business RV series vulnerabilities, Microsoft Windows Installer, Apache Tomacat, Treck TCP/IP stack, Exim, Microsoft Excel, Microsoft Exchange Server, ChakraCore scripting engine, Cisco IOS software and Cisco Catalyst 4500 and 45000-X series switches.