My TechDecisions

IT Infrastructure, Network Security, News

CISA Adds 95 New Bugs To Database Of Known Exploited Vulnerabilities

Some security bugs recently added to CISA's catalog of known exploited vulnerabilities are more than a decade old.

Leave a Comment

CISA
Tada Images/ Stock.adobe.com

There are 95 new known exploited vulnerabilities that IT and security professionals should immediately investigate and mitigate, including several that date back at least a decade, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The agency added the vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of exploitation in the wild. The security bugs added this week are frequent attack vectors for threat actors and post significant risk to not only government networks, but the private sector as well.

With the new additions, CISA’s catalog now includes 478 vulnerabilities that have been exploited in the wild.

The newly added vulnerabilities include newly discovered bugs in Cisco Small Business RV Series routers and other switches, Cisco’s IOS software, Microsoft Excel, Exchange Server, Adobe Flash Player, Linux Kernel and many others.

All of CISA’s new known exploited vulnerabilities added are currently patchable by following vendor instructions, according to CISA’s database.

While most of the bugs recently added are relatively new, many are older, with some dating back nearly 20 years, including Windows privilege Escalation vulnerabilities from 2002 and 2004. According to CISA’s full list, there are 23 known exploited vulnerabilities that are at least a decade old.

The bugs range in severity, but many are rated as high or critical, so organizations should make sure their systems are patched, especially for the older vulnerabilities listed.

Government agencies are required to patch the majority of the newly listed vulnerabilities by March 24, but there is a shorter deadline of March 17 for 27 of the bugs, eight of which come with CVSS score of at least 9.8, so they should be prioritized.

Those bugs with a shorter deadline include the Cisco Small Business RV series vulnerabilities, Microsoft Windows Installer, Apache Tomacat, Treck TCP/IP stack, Exim, Microsoft Excel, Microsoft Exchange Server, ChakraCore scripting engine, Cisco IOS software and Cisco Catalyst 4500 and 45000-X series switches.

Click here for CISA’s full list of known exploited vulnerabilities. 

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Uber Advanced Technologies Group Drives its Business Forward

The guiding principle for the new Uber meeting room redesign was “invisible comfort” to ensure that everyone could maximize productivity.

Windows 11
Blueprint Series: Upgrading to Windows 11

Upgrading end users to Windows 11 could be one of the most challenging tasks IT has to face in the coming years. Although the new version is touted...

The State of the IT Department in 2022

The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to ma...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ