The United States Cybersecurity and Infrastructure Agency (CISA) has added 36 new flaws to its catalog of vulnerabilities that are known to be exploited by cyber criminals.
The CISA alert warns that the vulnerabilities are a frequent attack vector for malicious actors and pose “significant risk”. Organisations, particularly those associated with the federal government, are urged to apply the security updates as soon as possible.
“CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of catalog vulnerabilities as part of their vulnerability management practice,” said CISA.
The 36 additions include vulnerabilities in software and products from Microsoft, Google, Adobe, Cisco, Netgear, QNAP and others.
Vulnerabilities in Microsoft products include CVE-2012-4969, a vulnerability in Internet Explorer that allows remote execution of code, and CVE-2013-1331, a buffer overflow vulnerability in Microsoft Office that allows cyber criminals to launch remote attacks. CVE-2012-0151, a flaw in the Authenticode Signature Verification function in Microsoft Windows that allows user-assisted attackers to execute remote code, has also been added to the catalog.
The CISA alert also addresses several vulnerabilities in Google’s Chromium V8 Engine, including CVE-2016-1646 and CVE-2016-5198,