CISA orders agencies to patch vulnerability used in Stuxnet attacks (September 2022)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities (KEV) and is ordering federal agencies to follow the vendors' instructions to fix them.
CISA is giving federal agencies until October 6th to patch security vulnerabilities that have been reported between 2010 and 2022.
Most of the vulnerabilities that CISA added to its KEV catalog were disclosed in 2013 and were used to root Android devices back in the day, through the Tizi malware.
The oldest bug that CISA ordered federal agencies to patch is from 2010 and was used to spread the Stuxnet worm that damaged the centrifuges at the Natanz uranium enrichment plant to slow the country's advancements towards developing nuclear weapons.
Under Binding Operational Directive 22-01 from November 2021, all Federal Civilian Executive Branch agencies have to patch the security vulnerabilities CISA adds to its KEV catalog for a more secure environment.
While the directive is for organizations in the U.S., companies and corporations around the world can use CISA's catalog to improve the security of their networks.