Get patching now: CISA adds another 95 flaws to its known exploited vulnerabilities list

The US Cybersecurity and Infrastructure Security Agency (CISA) just added a whopping 95 new bugs to its catalogue of known exploited vulnerabilities, including multiple critical Cisco router flaws, Windows flaws new and old, and bugs in Adobe Flash Player, and more.

“CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” the agency said.

ZDNet Recommends

The Windows flaw CVE-2021-41379 that joined CISA’s list was being used in attacks against customers in November. Cisco’s Talos researchers discovered malware that targeted the elevation of privilege flaw affecting Windows 11 and earlier. Microsoft rated it an “important” threat and a severity score of 5.5 out of 10.

SEE: Cybersecurity: Let’s get tactical (ZDNet special report)

Cisco’s router flaws, however, are a greater concern to patch given their severity rating of 10 out of 10. Cisco released firmware updates in February to address multiple critical flaws in its RV Series of routers. 

These were bugs that allowed attackers to execute malicious code, elevate privileges, run random commands, knock a device offline, bypass

Read More: https://www.zdnet.com/article/get-patching-now-cisa-adds-another-95-flaws-to-its-known-exploited-vulnerabilities-list/#ftag=RSSbaffb68