CISA

CISA has added ten new security vulnerabilities to its growing list of Known Exploited Vulnerabilities (KEV) today, asking federal agencies to patch all of them by a given date.

Some of them are high-severity bugs, such as a local privilege escalation and an RCE bug in components of a widely used operating system, Windows. Since most of the noted bugs have patches, CISA asked the agencies to apply them and to use workarounds for those that don't have patches.

CISA Catalog of Known Exploited Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) regularly updates its catalog of Known Exploited Vulnerabilities (KEV) with new bugs found in software widely used in federal agencies. This directive, named BOD 22-01, should be adhered to by all federal agencies without fail.

In the latest update, CISA added ten new security bugs that are actively exploited in the wild. One of them is a high-severity local privilege escalation vulnerability in the Windows Common Log File System Driver, tracked as CVE-2022-24521.

It was reported by CrowdStrike and the US National Security Agency and received a patch from Microsoft in the April Patch Tuesday update. But it is still the job of system admins to apply this update to have the bug patched.

Another is a pre-auth remote code execution vulnerability in the Microsoft Remote Procedure Call (RPC) Runtime Library, which received a severity score of 9.8/10. Microsoft included a patch for this vulnerability, too, in the April 2022 Patch Tuesday update.

CISA has given the agencies up to May 2nd (three weeks from now) to update their systems. Though this directive is aimed at all Federal Civilian Executive Branch (FCEB) agencies, CISA recommends it to all other US organizations too. Here's the list of all 10 bugs added to the latest directive:

CVE             Vulnerability Name                                      Due Date
CVE-2022-24521  Microsoft Windows CLFS Driver Privilege Escalation      2022-05-04
CVE-2018-7602   Drupal Core Remote Code Execution Vulnerability         2022-05-04
CVE-2018-20753  Kaseya VSA Remote Code Execution Vulnerability          2022-05-04
CVE-2015-5123   Adobe Flash Player Use-After-Free Vulnerability         2022-05-04
CVE-2015-5122   Adobe Flash Player Use-After-Free Vulnerability         2022-05-04
CVE-2015-3113   Adobe Flash Player Heap-Based Buffer Overflow           2022-05-04
CVE-2015-2502   Microsoft Internet Explorer Memory Corruption           2022-05-04
CVE-2015-0313   Adobe Flash Player Use-After-Free Vulnerability         2022-05-04
CVE-2015-0311   Adobe Flash Player Remote Code Execution Vulnerability  2022-05-04
CVE-2014-9163   Adobe Flash Player Stack-Based Buffer Overflow          2022-05-04
