
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
2022-02-07 22:39

CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability.

The move means that Federal Civilian Executive Branch agencies have until Feb. 18, 2022 to remediate the vulnerability, which affects all unpatched versions of Windows 10.

"These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," CISA said.

CVE-2022-21882 is a privilege-escalation bug in Windows 10 that requires only low privileges to exploit: a nasty scenario, particularly given that exploitation requires no user interaction at all.

Within two days of the Jan. 11 release, Microsoft had yanked the January Windows Server cumulative updates, rendering them unavailable via Windows Update.

On Friday, CISA said that it added the bug to its Known Exploited Vulnerabilities catalog based on evidence that threat actors are actively exploiting it.


News URL

https://threatpost.com/cisa-orders-federal-agencies-to-fix-actively-exploited-windows-bug/178270/

Related Vulnerability

DATE: 2022-01-11
CVE: CVE-2022-21882
VULNERABILITY TITLE: Out-of-bounds Write vulnerability in Microsoft products (Win32k Elevation of Privilege Vulnerability)
RISK: local attack vector, low attack complexity, vendor Microsoft, CWE-787, CVSS base score 7.8