CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including vulnerabilities in Microsoft Project, Windows Scripting Engine, and Windows Kernel. These vulnerabilities are actively exploited and pose significant risks to federal agencies and organizations. BOD 22-01 requires FCEB agencies to remediate these vulnerabilities by specified due dates. While BOD 22-01 applies only to FCEB agencies, CISA recommends that all organizations prioritize remediation of Catalog vulnerabilities to mitigate cyberattack risks. CISA will continue to update the catalog with vulnerabilities that meet specific criteria for active exploitation.