CISA warns orgs to patch actively exploited Windows LPE bug
2022-04-13 22:48

The Cybersecurity and Infrastructure Security Agency has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver.

According to a binding operational directive issued in November, all Federal Civilian Executive Branch Agencies must secure their systems against this security flaw now that it has been added to CISA's catalog of Known Exploited Vulnerabilities.

CISA has given them three weeks, until May 2nd, to patch the CVE-2022-24521 flaw and block ongoing exploitation attempts.

Although the BOD 22-01 directive only applies to US federal agencies, CISA also strongly urges all US organizations to patch this actively exploited security bug to block attempts to escalate privileges on their Windows systems.

On Monday, CISA also ordered federal civilian agencies to patch an actively exploited security bug in WatchGuard Firebox and XTM firewall appliances.

Since issuing the BOD 22-01 binding directive, CISA has added hundreds of security vulnerabilities to its list of actively exploited flaws, ordering US federal agencies to patch them as soon as possible to block security breaches.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-windows-lpe-bug/

Related Vulnerability

DATE: 2022-04-15
CVE: CVE-2022-24521
VULNERABILITY TITLE: Unspecified vulnerability in Microsoft products. Windows Common Log File System Driver Elevation of Privilege Vulnerability. (local, low complexity, microsoft)
RISK: 7.8