August 13, 2024 at 02:23PM
CISA has added six new known exploited vulnerabilities to the catalog, including remote code execution, memory corruption, and privilege escalation issues in Microsoft products. These are common attack vectors for cyber actors and pose risks to the federal enterprise. BOD 22-01 mandates remediation to protect FCEB networks from active threats, but CISA urges all organizations to prioritize vulnerability management.
The Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, all of which are related to Microsoft products. These vulnerabilities are considered frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. Although BOD 22-01 applies specifically to FCEB agencies, it is important for all organizations to prioritize timely remediation of these vulnerabilities as part of their vulnerability management practice. CISA will continue to update the Known Exploited Vulnerabilities Catalog with vulnerabilities that meet specified criteria. For more information, refer to the BOD 22-01 Fact Sheet.