CISA warns organizations to patch 95 actively exploited bugs
2022-03-04 14:00

The U.S. Cybersecurity and Infrastructure Security Agency has added 95 vulnerabilities to its list of actively exploited security issues, the largest number since issuing the binding operational directive last year.

As per BOD 22-01 for reducing the risk from known exploited vulnerabilities, federal agencies are given a little over three weeks to patch the newly added 95 security flaws, the due date for most of them being March 24th. For 27 of the vulnerabilities, there is a shorter deadline for patching, March 17th, mainly because they are more recent and affect systems that give access to sensitive information or allow moving to devices on the network.

The latest entries in CISA's catalog of known exploited vulnerabilities impact products mostly from Microsoft and Cisco.

| CVE | Vendor/Project | Product | Vulnerability Name | Short Description |
|---|---|---|---|---|
| CVE-2011-0611 | Adobe | Flash Player | Adobe Flash Player Remote Code Execution Vulnerability | Adobe Flash Player contains a vulnerability which allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash content. |
| CVE-2010-3333 | Microsoft | Office | Microsoft Office Stack-based Buffer Overflow Vulnerability | A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. |

With the 95 vulnerabilities added this week, CISA's catalog of actively exploited bugs for federal agencies to address has a total of 478 entries.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-organizations-to-patch-95-actively-exploited-bugs/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-04-13 | CVE-2011-0611 | Type Confusion vulnerability in multiple products | 8.8 |
| 2010-11-10 | CVE-2010-3333 | Out-of-bounds Write vulnerability in Microsoft Office and Open XML File Format Converter | 7.8 |

CVE-2011-0611: Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Attack vector: network. Attack complexity: low. Vendors: adobe, google, suse, opensuse. CWE-843.

CVE-2010-3333: Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
Attack vector: local. Attack complexity: low. Vendors: microsoft. CWE-787.