Why Procurement Decisions Shape Long-Term Compliance Sarah had spent weeks helping leadership define architectural standards…
The Catalog of Cyber Vulnerabilities Grows
As it promised two weeks ago when it first announced the publication of a federal government’s Catalog of Known Exploited Vulnerabilities, CISA (Cybersecurity & Infrastructure Security Agency) has just updated the catalog by adding four new vulnerabilities. All of them represent significant risks.
The CISA catalog is directed to non-military agencies and their contractors so they can identify open and new cybersecurity vulnerabilities. It also allows CISA to announce remediation deadlines. This bimonthly updating process should prove to be a valued resource to agencies, their contractors, and all of us in staying up-to-date in maintaining cybersecurity hygiene.
Three of the four newly added vulnerabilities involve Microsoft products. In one, a security feature bypass in Excel could allow for an attacker to perform arbitrary code execution. Another allows an attacker to use an improper validation in a cmdlet (a small script that performs a specific function) argument to perform remote code execution in Microsoft Exchange servers. The third identifies a vulnerability in Windows OS that could allow for an authorized user to escalate privileges.
The fourth newly listed vulnerability is in the Perl ExifTool. In this second listing in as many weeks, a vulnerability in ExifTool, a set of Perl modules that read and write metadata in a variety of formats, has been identified. This most recently described vulnerability could allow improper neutralizing of user data and arbitrary code execution.
December 1, 2021, is the remediation deadline for all four of these vulnerabilities, which are now being actively exploited by threat actors. And as with all the rest, the remediation action for these vulnerabilities is to apply updates per vendor instructions.
Click to rate this post!
[Total: 0 Average: 0]

This Post Has 0 Comments