{"id":8351,"date":"2022-07-09T10:38:52","date_gmt":"2022-07-09T10:38:52","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8351"},"modified":"2023-03-07T16:11:10","modified_gmt":"2023-03-07T23:11:10","slug":"dhs-cisa-kevs-weekly-edition-10-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/dhs-cisa-kevs-weekly-edition-10-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 10: Patch Before you Hit the Deadline"},"content":{"rendered":"

Following frequent and highly impactful cyberattacks, the CISA has updated the KEV list and has recommended that all federal agencies patch these vulnerabilities within the due date. This week, 12 vulnerabilities need to be patched by July 10, 2022.<\/p>\n

We analyzed the CISA Known Exploited Vulnerabilities (KEVs) and found the following:<\/p>\n

\"\"<\/p>\n

How Far Back Do They Go?<\/h2>\n

Of the 12 KEVs, the oldest vulnerability, a Microsoft WinVerifyTrust function Remote Code Execution, dates back to 2013.<\/p>\n

\"\"<\/p>\n

Which Vendors Are Affected?<\/h2>\n

Several prominent vendor products are affected by the vulnerabilities that need to be patched by July 10, 2022.
\n\"\"<\/p>\n

Severity Scores<\/h2>\n

Patching these vulnerabilities is of high priority, as most of them rank high on the CVSS severity scale.<\/p>\n

\"\"<\/p>\n

Software Weaknesses<\/h2>\n

The following CWEs are associated with several vulnerabilities that need to be patched this week.<\/p>\n

\"\"
\n