The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of Known Exploited Vulnerabilities.
These vulnerabilities have been observed in real cyber-attacks against organizations, so they are published to raise awareness among system administrators and serve as official advice on how to apply the corresponding security updates.
In this case, CISA gives federal agencies until April 15, 2022 to patch the vulnerabilities listed and reduce the risk of becoming a victim of cyberattacks.
A massive 66 vulnerabilities
The new set of 66 actively exploited vulnerabilities published by CISA spans the dates of disclosure between 2005 and 2022 and spans a broad spectrum of software and hardware types and versions.
The vulnerabilities of Mitel CVE-2022-26143 and Windows CVE-2022-21999, disclosed in February, are two particularly interesting bugs.
Microsoft fixed the CVE-2022-21999 Windows Print Spooler bug in the February 2022 Patch Tuesday updates, and threat actors had not actively used it at the time. The vulnerability could allow attackers to run code such as SYSTEM, the highest Windows privileges when exploited.
The Mitel CVE-2022-26143 bug affects devices with a vulnerable driver (TP-240), including MiVoice Business Express and MiCollab.
This flaw enables a record-breaking DDoS gain ratio of approximately 4.3 billion to 1, using a method of internal reflection.
Akamai, the company that discovered the Mitel bug, reported attacks in the wild in early February targeting governments, financial institutions and Internet service providers.
Additionally, the set includes a 2005 RCE error on Hewlett Packard OpenView, a 2009 buffer overflow on Adobe Reader and Acrobat, a 2009 RCE on phpMyAdmin, and an additional 23 errors between 2010 and 2016.
The addition of these 66 vulnerabilities at this point doesn’t necessarily mean that the CISA analysts just noticed their active exploitation in the wild.
It is very possible that the agency publishes new sets at intervals so as not to overwhelm system administrators, and strives to strike a balance between practical limitations and best security practices.
Another possible explanation for the addition of such old vulnerabilities to the catalog could be that they are being used in new exploit chains that are in effect today and that suddenly transcend from obsolescence to relevance.
However, the list shows us how quickly threat actors target a vulnerability once a vendor makes it public.
For example, the Windows Print Spooler CVE-2022-21999 vulnerability, the Mitel DDoS CVE-2022-26143 amplification vulnerability, and the CVE-2022-26318 WatchGuard vulnerabilities were revealed in February and were quickly exploited by threat actors.
That’s why it’s critical for administrators to apply security updates as soon as possible to prevent abuse, especially on devices exposed to the Internet.
Due to the high number of bugs in the latest set, CISA did not provide the usual summary table, so system administrators will have to review the new entries in the catalog, which now has a total of 570 vulnerabilities.
Once at the catalog, you can click the “Date added” column heading to sort by the most recently added vulnerabilities.
This post CISA adds 66 vulnerabilities to list of bugs exploited in attacks
was original published at “https://www.bleepingcomputer.com/news/security/cisa-adds-66-vulnerabilities-to-list-of-bugs-exploited-in-attacks/”