CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added CVE-2018-0824, a Microsoft COM deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation. This type of vulnerability poses a significant risk to federal agencies and organizations. BOD 22-01 requires FCEB agencies to remediate catalog vulnerabilities by the specified due date. CISA urges all organizations to prioritize remediation of these vulnerabilities as part of their vulnerability management practices. The catalog includes vulnerabilities that meet specific criteria and CISA will continue to add vulnerabilities as needed. By addressing these known exploited vulnerabilities, organizations can reduce their exposure to cyberattacks. Failure to remediate these vulnerabilities promptly can lead to successful exploitation by malicious actors. Timely remediation is crucial for protecting networks against active threats.