CISA adds 41 vulnerabilities to list of bugs used in cyberattacks
2022-05-24 17:50

The Cybersecurity & Infrastructure Security Agency has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws in the Android kernel and Cisco IOS XR. The added vulnerabilities span a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability fixed last Friday.

CISA has given federal agencies until June 13th, 2022, to apply security updates for the Android and Cisco vulnerabilities.

Included is a Windows elevation of privilege vulnerability tracked as CVE-2020-0638 that was disclosed in 2020 but found to still be used by the Conti ransomware gang in attacks on corporate networks.

As threat actors continue to use older vulnerabilities in attacks, admins must install updates on all devices, including older versions that may still be operating in corporate environments.

CISA requires federal agencies to patch all flaws added on Monday by June 13th, 2022, while the other 20 added today need to be fixed by June 14th, 2022.

To see the current list of exploited vulnerabilities, you can view CISA's Known Exploited Vulnerabilities Catalog, which can be downloaded in various offline formats.


News URL

https://www.bleepingcomputer.com/news/security/cisa-adds-41-vulnerabilities-to-list-of-bugs-used-in-cyberattacks/

Related Vulnerability

DATE: 2020-01-14
CVE: CVE-2020-0638
VULNERABILITY TITLE: Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.
local / low complexity / microsoft / CWE-269
RISK: 4.6