CISA adds 75 actively exploited bugs to its must-patch list in just a week

Plenty to keep the security team busy: the US cybersecurity authority is urging everyone to patch a number of software flaws, including some older ones in Microsoft’s Silverlight plug-in and Adobe Flash Player. 

The Cybersecurity And Infrastructure Security Agency (CISA) added three batches of must-fix bugs to its catalog of known exploited software vulnerabilities this week. The first covered 21 bugs, the second 20 known exploited bugs and the third covers a further 34. US federal agencies are required to patch the flaws by CISA’s deadline.    

Not all of these flaws are at the cutting edge of technology: this lot of patches also includes very old bugs in software like Microsoft Silverlight, which reached end of support in October 2021, and Adobe’s dead Flash Player plugin. All browsers have dropped support for Flash and Flash content, and Microsoft removed Flash from Windows last year

There’s a chance Silverlight may still be floating around government systems as internal legacy applications or websites. Silverlight applications, for example, will still work in IE Mode in modern Edge.    

CISA’s latest updates to its known exploited vulnerabilities catalog includes Flash flaws disclosed in 2016 and 2015 and Silverlight flaws dating back to 2013. It also includes older flaws

Read More: