BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

An Ex-DOD Hacker Raises $20 Million To Stop ChatGPT-Fueled Cyberattacks
Tech Firms Pledge To Eliminate AI-Generated CSAM
Taser Company Axon Is Selling AI That Turns Body Cam Audio Into Police Reports
European Commission Launches Another TikTok Probe
Election 2024: Championing Proactive Cybersecurity To Fortify National Security
Malvertising Slips Through: Boosting Digital PR And Ad Safety Is Vital
Edit Story
ForbesInnovationCybersecurity

U.S. Cybersecurity Agency ‘Strongly Urges’ You Patch These 75 Actively Exploited Flaws

Davey Winder
Senior Contributor
Opinions expressed by Forbes Contributors are their own.
Veteran cybersecurity and tech analyst, journalist, hacker, author
Following

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added a total of 75 security vulnerabilities, all known to be actively exploited, to its 'significant risk' listing in just three days this week. So serious is the risk of attack exposure by these exploited vulnerabilities, some of which reach back many years, CISA warns that federal civilian executive branch (FCEB) agencies must ensure they are patched by the middle of June.

The mass vulnerability additions to the 'Known Exploited Vulnerabilities Catalog' started on May 23 when 21 such actively exploited security flaws went into the listing. These were joined on May 24 by the addition of another 20 new vulnerabilities, with the remaining 34 added to the catalog on May 25.

MORE FROM FORBESMicrosoft Issues Emergency Windows 10, 11 & Server Security UpdateBy Davey Winder

"A frequent attack vector for malicious cyber actors"

Although the vulnerabilities cover a wide range of both initial disclosure dates and impacted products, they are connected by the fact that CISA has evidence of active exploitation. They are all, CISA stated, "a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise." The publication of 'Binding Operational Directive 22-01' in November 2021, requires those FCEB agencies to patch the vulnerabilities, by law, in the time frame given. This doesn't mean that as an ordinary, non-federal agency, organization or business you can happily ignore this warning as CISA "strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice."

Not just a warning for federal agencies but all organizations

I would hope that many of the vulnerabilities would already have been patched within your organization, especially given the oldest dates back to 2010. The most recent, however, are from this year and impact Microsoft Windows, VMware, Cisco, and F5.

MORE FROMFORBES ADVISOR

Best Travel Insurance Companies

By
Amy Danise
Editor

Best Covid-19 Travel Insurance Plans

By
Amy Danise
Editor

Satya Gupta, founder and Chief Technology Officer of Virsec, adds another layer of urgency to the update warning. "One thing that is common in all the referenced vulnerabilities, as well as the ones in CISA’s ongoing advisories, is that these vulnerabilities are all exploitable remotely,” Gupta said. "Vulnerabilities that are exploitable remotely give bad actors an obscenely serious operating advantage over their victims, which are enterprises that didn’t patch fast enough."

MORE FROM FORBESRussian Military Hackers-$10 Million Reward Offered By U.S. GovernmentBy Davey Winder
Follow me on Twitter or LinkedInCheck out my website or some of my other work here
Davey Winder
Davey Winder