U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including flaws in products from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors. The agency is also requiring federal agencies to prioritize applying patches for those security flaws within “aggressive” timeframes.

“These vulnerabilities pose significant risk to agencies and the federal enterprise,” the agency said in a binding operational directive issued Wednesday.

“It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.”

About 176 vulnerabilities identified between 2017 and 2020 and 100 flaws from 2021 have made their way to the initial list. The list is expected to be updated with additional actively exploited vulnerabilities as and when they become known, provided they have been assigned Common Vulnerabilities and Exposures (CVE) identifiers and have clear remediation action.

Although the BOD is primarily aimed at federal civilian agencies, CISA is recommending that private businesses and state entities review the catalog and remediate the vulnerabilities to strengthen their security and resilience posture.

“Second, it provides due dates for remediating those vulnerabilities. By providing a common list of vulnerabilities to target for remediation, CISA is effectively leveling the playing field for agencies in terms of prioritization. It’s no longer up to each individual agency to decide which vulnerabilities are the highest priority to patch.”
