{"id":8394,"date":"2022-04-29T11:31:06","date_gmt":"2022-04-29T18:31:06","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8394"},"modified":"2023-03-03T14:39:08","modified_gmt":"2023-03-03T21:39:08","slug":"dhs-cisa-kevs-weekly-edition-3-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/dhs-cisa-kevs-weekly-edition-3-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 3: Patch Before you Hit the Deadline"},"content":{"rendered":"
The US Cybersecurity and Infrastructure Security Agency has again raised the alarm about known exploited vulnerabilities\u00a0by adding new CVEs to its growing KEV catalog. This blog brings you all the DHS CISA KEVs that need to be prioritized for patching this week (April 25 to April 30, 2022).<\/p>\n
A total of 7 known exploited vulnerabilities from the DHS CISA catalog should be fixed by federal agencies this week, April 25 to April 30, 2022. We further analyzed these 7 KEVs and found that:<\/p>\n
<\/p>\n
Our ML and AI model predicts that four out of seven CVEs are potentially 38 times more likely to be exploited. So patch them now before they become problems.<\/strong><\/p>\n Of the 7 KEVs, 4 CVEs are old vulnerabilities dating from 2017 to 2021, with patch deadlines of April 25 and April 30, 2022.<\/p>\n <\/p>\n Ransomware\/APT Groups: Most notably, CVE-2017-0148 is associated with seven notorious ransomware groups (WannaCry, Petya, Conti, Muhstik, Ryuk, Sata, UIWIX) and three APT threat groups that include Wizard Spider, The Shadow Brokers, and Threat Group-3390.<\/p>\n We strongly recommend that all security professionals and administrators review the Known Exploited Vulnerabilities Catalog and patch any vulnerabilities in their environment.<\/p>\n These 7 CVEs, which have patch deadlines of April 25 and April 30, 2022, affect major vendors such as Microsoft, D-Link, VMware, Apple, and Sudo.<\/p>\nHow Far Back Do They Go?<\/h2>\n
\nCVE-2017-0148, a remote code execution vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) service, is tied to multiple threat groups. An attacker who successfully exploited the vulnerability would be able to execute code on the target server. This CVE carries a CVSS v3 score of 8.1 (High) and is classified under CWE-20 (Improper Input Validation).<\/p>\nWhich Vendors Are Affected?<\/h2>\n