Following frequent and highly impactful cyberattacks, CISA has updated the KEV list and has recommended that all federal agencies patch these vulnerabilities by the due date. This week, 12 vulnerabilities need to be patched by July 10, 2022.
We analyzed the CISA Known Exploited Vulnerabilities (KEVs) and found the following:
How Far Back Do They Go?
Of the 12 KEVs, the oldest vulnerability, a remote code execution flaw in the Microsoft WinVerifyTrust function, dates back to 2013.
Which Vendors Are Affected?
Several prominent vendor products are affected by the vulnerabilities that need to be patched by July 10, 2022.
Patching these vulnerabilities is a high priority, as most of them rank high on the CVSS severity scale.
The following CWEs are associated with several vulnerabilities that need to be patched this week.
Table: DHS CISA KEVs
Half of these vulnerabilities can be used to remotely execute malicious code. Since the start of the pandemic, there has been an increase of over 75% in the activity of ransomware groups. Hence, all federal and private organizations should immediately patch the above-listed CVEs, as they are highly susceptible to attacks.