{"id":45262,"date":"2022-02-11T21:15:00","date_gmt":"2022-02-11T21:15:00","guid":{"rendered":"http:\/\/1f8d0c4c-fd67-407b-9db6-2fc77a8374a5"},"modified":"2022-02-11T21:15:00","modified_gmt":"2022-02-11T21:15:00","slug":"microsoft-oracle-apache-and-apple-vulnerabilities-added-to-cisa-catalog","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-oracle-apache-and-apple-vulnerabilities-added-to-cisa-catalog\/","title":{"rendered":"Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog"},"content":{"rendered":"

The US Cybersecurity and Infrastructure Security Agency (CISA) updated<\/a> its catalog of known exploited vulnerabilities this week, adding 15 vulnerabilities based on evidence that threat actors are actively exploiting them.<\/p>\n

The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. <\/p>\n

Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. <\/p>\n

“It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria,” Parkin said. “With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline.”<\/p>\n

The rest of the list covers a range of Microsoft, Apache, Apple, and Jenkins vulnerabilities with remediation dates of August 10.<\/p>\n

While some experts questioned CISA’s new additions to the list, Netenrich’s John Bambenek explained that anything that provides a straightforward path to elevated privileges and is being exploited by the kind of threat actors CISA is concerned about needs to be remediated immediately.  <\/p>\n

\"screen-shot-2022-02-11-at-2-49-19-pm.png\"<\/span>