Security News > 2022 > March > CISA orders agencies to patch actively exploited Sophos firewall bug
The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.
CISA also ordered federal agencies to patch a high severity arbitrary file upload vulnerability in the Trend Micro Apex Central product management console that can be abused in remote code execution attacks.
CISA added six more vulnerabilities to its Known Exploited Vulnerabilities Catalog today, all of them also exploited in ongoing attacks.
According to a November 2021 binding operational directive, Federal Civilian Executive Branch Agencies agencies must secure their systems against these security flaws, with CISA giving them until April 21 to patch the ones added today.
While the BOD 22-01 directive only applies to FCEB agencies, CISA has also urged private and public sector organizations to prioritize patching these actively abused security bugs to reduce their networks' exposure to ongoing cyberattacks.
CISA has added hundreds of vulnerabilities to its list of actively exploited bugs after issuing this binding directive, asking US federal agencies to patch them as soon as possible to prevent security breaches.