CISA adds 7 vulnerabilities to list of bugs exploited in attacks (Security News, April 2022)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including flaws in Microsoft, Linux, and Jenkins products.
The 'Known Exploited Vulnerabilities Catalog' (KEV) is a list of vulnerabilities known to be actively exploited in cyberattacks; Federal Civilian Executive Branch agencies are required to patch each entry by the due date CISA assigns to it.
The seven new vulnerabilities added this week are listed below, with CISA requiring all of them to be patched by May 16th, 2022.
The Windows User Profile Service privilege escalation vulnerabilities tracked as CVE-2022-21919 and CVE-2022-26904 were both discovered by Abdelhamid Naceri. Each is a bypass of an earlier, incomplete fix: CVE-2022-21919 bypassed the patch for the original CVE-2021-34484 (fixed in August 2021), and CVE-2022-26904 in turn bypassed the fix for CVE-2022-21919.
Public proof-of-concept exploits have been disclosed for all of these vulnerabilities, and BleepingComputer has been told that ransomware gangs use them to move laterally through a Windows domain.
It is strongly recommended that all security professionals and admins review the Known Exploited Vulnerabilities Catalog and patch any within their environment.
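One way to act on that recommendation is to cross-reference your own vulnerability findings against the KEV feed rather than reading the catalog by hand. The script below is an added example, not code from the article or from CISA: it parses a constructed excerpt in the shape of CISA's KEV JSON feed (the real feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches a constructed host/CVE inventory against it, and reports each hit with its due date, days remaining, and required action. Only the two 2022 CVE IDs, the User Profile Service name and the 2022-05-16 due date come from the article; the hostnames, dateAdded values, catalog version and description text are illustrative.

```python
"""Cross-reference a vulnerability inventory against a CISA KEV catalog snapshot.

Added example, not part of the original article. KEV_SAMPLE is a constructed
excerpt in the shape of the real KEV JSON feed; replace it with the downloaded
feed (same structure) to run against the live catalog.
"""
import json
from datetime import date

# Constructed excerpt. CVE IDs, vulnerability name and dueDate are from the
# article; catalogVersion, dateAdded and shortDescription are illustrative.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.04.25",          # illustrative
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-21919",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows User Profile Service Privilege Escalation Vulnerability",
            "dateAdded": "2022-04-25",        # illustrative
            "shortDescription": "Windows User Profile Service contains a privilege escalation vulnerability.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-05-16",
        },
        {
            "cveID": "CVE-2022-26904",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows User Profile Service Privilege Escalation Vulnerability",
            "dateAdded": "2022-04-25",        # illustrative
            "shortDescription": "Windows User Profile Service contains a privilege escalation vulnerability.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-05-16",
        },
    ],
})


def load_kev(raw_json):
    """Index the catalog by upper-cased CVE ID so lookups are case-insensitive."""
    catalog = json.loads(raw_json)
    return {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}


def triage(kev_by_cve, inventory, today):
    """Match (host, cve) findings against the KEV index.

    Returns (matches, unmatched): matches is a list of dicts ordered by due
    date then host, so overdue and soonest-due items come first; unmatched is
    the set of inventory CVE IDs that are not in the catalog.
    """
    matches, unmatched = [], set()
    for host, cve in inventory:
        cve_id = cve.strip().upper()
        entry = kev_by_cve.get(cve_id)
        if entry is None:
            unmatched.add(cve_id)
            continue
        due = date.fromisoformat(entry["dueDate"])
        matches.append({
            "host": host,
            "cve": cve_id,
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "name": entry["vulnerabilityName"],
            "due": due.isoformat(),
            "days_left": (due - today).days,   # negative once overdue
            "overdue": today > due,
            "action": entry["requiredAction"],
            # Field added to the feed in 2023; older snapshots lack it.
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    matches.sort(key=lambda r: (r["due"], r["host"]))
    return matches, unmatched


# Constructed inventory: (host, CVE) pairs as a scanner export might give them.
INVENTORY = [
    ("fs01.corp.example", "CVE-2022-26904"),
    ("dc01.corp.example", "cve-2022-21919"),
    ("dc01.corp.example", "CVE-2021-34484"),  # original bug; not in this excerpt
]


def run(raw_json=KEV_SAMPLE, inventory=INVENTORY, today=None):
    """Print a due-date-ordered report and return (matches, unmatched)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    matches, unmatched = triage(load_kev(raw_json), inventory, today)
    for m in matches:
        flag = "OVERDUE" if m["overdue"] else f"{m['days_left']}d left"
        print(f"{m['host']:20} {m['cve']:15} due {m['due']} ({flag}) {m['action']}")
    if unmatched:
        print("Not in KEV snapshot:", ", ".join(sorted(unmatched)))
    return matches, unmatched


if __name__ == "__main__":
    run(today="2022-05-01")
```

The KEV feed carries no patch identifiers, so this tells you which findings CISA considers actively exploited and when they are due, not which update closes them; pair it with your scanner's remediation data for the actual KB or package version.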
Related news
- CISA tags SonicWall VPN flaw as actively exploited in attacks
- CISA warns about actively exploited Broadcom, Commvault vulnerabilities
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
- AirPlay-enabled devices open to attack via "AirBorne" vulnerabilities
- Ivanti patches EPMM vulnerabilities exploited for remote code execution in limited attacks
- CISA warns of suspected broader SaaS attacks exploiting app secrets and cloud misconfigs
- CISA says SaaS providers in firing line after Commvault zero-day Azure attack
- CISA warns of ConnectWise ScreenConnect bug exploited in attacks
Related Vulnerability
| Published | CVE | Weakness type | Vulnerability title | Risk score (as listed) |
|---|---|---|---|---|
| 2022-04-15 | CVE-2022-26904 | Race condition | Microsoft Windows User Profile Service Elevation of Privilege Vulnerability | 0.0 |
| 2022-01-11 | CVE-2022-21919 | Link following | Microsoft Windows User Profile Service Elevation of Privilege Vulnerability | 0.0 |
| 2021-08-12 | CVE-2021-34484 | Unspecified | Microsoft Windows User Profile Service Elevation of Privilege Vulnerability | 0.0 |