CISA has added more flaws to its catalog of known exploited vulnerabilities. Last month, the agency warned federal agencies to fix old unpatched vulnerabilities.
The new flaws in the list
The recently added vulnerabilities affect multiple products belonging to tech giants such as Microsoft, Oracle, Apache, and Apple. Some are priority items, which CISA has asked FCEB agencies to patch within February.
The list includes a vulnerability detected in Microsoft Windows SAM, tracked as CVE-2021-36934. The deadline to fix the flaw is February 24. The patch for this bug was released in August 2021.
Another flaw is CVE-2022-22620, a WebKit use-after-free vulnerability exploitable for code execution and OS crashes. Organizations must patch this by February 25.
Yet another is CVE-2022-21882, a privilege escalation vulnerability in Win32k with a deadline of February 18.
These flaws affect SMBv3, Jenkins, Apache Struts 1, Windows Shell, WebLogic Server, Win32k, Office, SMBv1, ActiveMQ, DIR-645 Router, OS X, Mac, and more.
Organizations are advised to refer to the known exploited vulnerabilities catalog frequently to stay informed about the high-risk flaws under active exploitation. In addition, organizations must have a robust patch management system to ensure further safety.