{"id":8345,"date":"2022-07-22T10:27:37","date_gmt":"2022-07-22T10:27:37","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8345"},"modified":"2023-03-07T16:14:06","modified_gmt":"2023-03-07T23:14:06","slug":"dhs-cisa-kevs-weekly-edition-11-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/dhs-cisa-kevs-weekly-edition-11-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 11: Patch Before you Hit the Deadline"},"content":{"rendered":"

Microsoft released patches for 84 vulnerabilities on Patch Tuesday, July 12, 2022. One of the CVEs was a critical zero-day vulnerability affecting the Windows CSRSS devices. CISA added this vulnerability to the KEV list last week, bringing the total KEVs to 788. This week, CISA has recommended that patches should be applied for 15 vulnerabilities by July 21, 2022. Let us see what they are:<\/p>\n

\"\"<\/p>\n

How Far Back Do They Go?<\/h2>\n

Of the 15 KEVs, the oldest vulnerability, an Apache Struts 1 ActionForm denial-of-service vulnerability, dates back to 2006.<\/p>\n

\"\"<\/p>\n

Which Vendors Are Affected?<\/h2>\n

Several prominent vendor products are affected by the vulnerabilities that need to be patched by July 21, 2022.<\/p>\n

\"\"<\/p>\n

Severity Scores<\/h2>\n

Patching these vulnerabilities is of high priority, as most of them rank high on the CVSS.<\/p>\n

\"\"<\/p>\n

Software Weaknesses<\/h2>\n

The following CWEs have caused the 15 vulnerabilities that need to be patched this week.<\/p>\n

\"\"<\/p>\n

 <\/p>\n