content.govdelivery.com
2a02:26f0:6c00:2a4::1884  Public Scan

URL: https://content.govdelivery.com/accounts/USDHSCISA/bulletins/30f06f6
Submission: On March 25 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET https://public.govdelivery.com/accounts/USDHSCISA/subscriber/qualify

<form role="form" method="get" action="https://public.govdelivery.com/accounts/USDHSCISA/subscriber/qualify" id="sub_form">
  <div><label for="email">Email Address</label><input type="text" aria-describedby="email-input-content-description" class="sr-field stacked-text-field" id="email" name="email"><small id="email-input-content-description">e.g. name@example.com</small>
  </div>
  <div id="subscribe-button-wrapper"><input type="submit" class="sr-button reverse small stacked-submit-button" value="Subscribe"></div>
</form>

Text Content



CISA ADDS 15 KNOWN EXPLOITED VULNERABILITY TO CATALOG

Cybersecurity and Infrastructure Security Agency sent this bulletin at
03/15/2022 06:07 PM EDT




CISA Adds 15 Known Exploited Vulnerability to Catalog
03/15/2022 02:00 PM EDT

Original release date: March 15, 2022


CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities
Catalog, based on evidence that threat actors are actively exploiting the
vulnerabilities listed in the table below. These types of vulnerabilities are a
frequent attack vector for malicious cyber actors of all types and pose
significant risk to the federal enterprise. Note: to view the newly added
vulnerabilities in the catalog, click on the arrow in the "Date Added to
Catalog" column, which will sort by descending dates.

| CVE ID | Vulnerability Name | Due Date |
|---|---|---|
| CVE-2020-5135 | SonicWall SonicOS Buffer Overflow Vulnerability | 4/5/2022 |
| CVE-2019-1405 | Microsoft Windows UPnP Service Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1322 | Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1315 | Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1253 | Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1129 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1069 | Microsoft Task Scheduler Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1064 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-0841 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-0543 | Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2018-8120 | Microsoft Win32k Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2017-0101 | Microsoft Windows Transaction Manager Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2016-3309 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2015-2546 | Microsoft Win32k Memory Corruption Vulnerability | 4/5/2022 |
| CVE-2019-1132 | Microsoft Win32k Privilege Escalation Vulnerability | 4/5/2022 |

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of
Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities
Catalog as a living list of known CVEs that carry significant risk to the
federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified
vulnerabilities by the due date to protect FCEB networks against active threats.
See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all
organizations to reduce their exposure to cyberattacks by prioritizing timely
remediation of Catalog vulnerabilities as part of their vulnerability management
practice. CISA will continue to add vulnerabilities to the Catalog that meet the
specified criteria. Note: prioritizing software updates that address
known exploited vulnerabilities is one of the actions CISA encourages as part of
the recent Shields Up recommendations to all stakeholders.

This product is provided subject to this Notification and this Privacy & Use
policy.
