laitimes

CISA added 7 new vulnerabilities, including Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 7 vulnerabilities to its catalog of actively exploited vulnerabilities, including flaws in Microsoft, Linux, and Jenkins products.

The Known Exploited Vulnerabilities Catalog is a list of vulnerabilities that are known to be actively exploited in cyberattacks and that Federal Civilian Executive Branch (FCEB) agencies are required to patch.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the catalog was established under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, as a living list of CVE vulnerabilities that are known to pose significant risk to federal enterprises. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate the identified vulnerabilities by the stated deadline in order to protect their networks from these threats.

The vulnerabilities listed in the catalog allow threat actors to carry out a variety of attacks, including stealing credentials, gaining access to networks, executing commands remotely, downloading and executing malware, and stealing information from devices.

With these seven additions, the catalog now contains a total of 654 vulnerabilities, along with the dates by which federal agencies must apply fixes and security updates. The seven new vulnerabilities are listed below, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked agencies to patch them by May 16, 2022.


The WSO2 vulnerability tracked as CVE-2022-29464 was disclosed on April 18, 2022, and a few days later researchers at the cybersecurity company Rapid7 found that a public proof-of-concept exploit was being used in attacks to deploy web shells and cryptocurrency-mining malware.

The Microsoft Windows User Profile Service privilege escalation vulnerabilities, tracked as CVE-2022-21919 and CVE-2022-26904, were discovered by researcher Abdelhamid Naceri, and ransomware gangs have exploited them to move laterally through Windows domains.

The Dirty Pipe Linux privilege escalation vulnerability tracked as CVE-2022-0847 was disclosed in March 2022, and soon afterwards a number of proof-of-concept exploits were released that allow a local user to quickly gain root privileges, as shown in the following figure.


The Microsoft Win32k privilege escalation vulnerabilities tracked as CVE-2021-40450 and CVE-2021-41357 were patched in October 2021 and are an unusual addition to the list, since in-the-wild exploitation of these flaws has not been publicly reported.

All cybersecurity professionals and administrators should review the Known Exploited Vulnerabilities Catalog and patch any of the listed vulnerabilities present in their environment.
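One way to act on that advice is to triage the catalog automatically against the products deployed in your environment and the CISA due date. The following is an added example, not code from the article or from CISA: it uses the field names of CISA's public KEV JSON feed (cveID, vendorProject, product, dueDate), but the entries, inventory and patched list below are constructed to mirror the CVEs named in the article and may not match the catalog's exact wording.

```python
"""Triage KEV catalog entries against a local inventory and the remediation deadline."""
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed; vendor/product strings are illustrative.
# The article names six of the seven CVEs (the Jenkins one is not named), so the sample lists six.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2022-29464", "vendorProject": "WSO2", "product": "Multiple Products", "dueDate": "2022-05-16"},
        {"cveID": "CVE-2022-21919", "vendorProject": "Microsoft", "product": "Windows", "dueDate": "2022-05-16"},
        {"cveID": "CVE-2022-26904", "vendorProject": "Microsoft", "product": "Windows", "dueDate": "2022-05-16"},
        {"cveID": "CVE-2022-0847", "vendorProject": "Linux", "product": "Kernel", "dueDate": "2022-05-16"},
        {"cveID": "CVE-2021-40450", "vendorProject": "Microsoft", "product": "Win32k", "dueDate": "2022-05-16"},
        {"cveID": "CVE-2021-41357", "vendorProject": "Microsoft", "product": "Win32k", "dueDate": "2022-05-16"},
    ],
})

# Constructed inventory: (vendor, product keyword) pairs present in the environment,
# plus the CVEs your patch management already reports as remediated.
INVENTORY = {("microsoft", "windows"), ("linux", "kernel")}
PATCHED = {"CVE-2022-0847"}


def load_kev(raw_json):
    """Return the list of vulnerability entries from a KEV feed document."""
    return json.loads(raw_json)["vulnerabilities"]


def _affects(entry, inventory):
    # Vendor must match exactly; product is a keyword match because KEV product strings are free text.
    vendor, product = entry["vendorProject"].lower(), entry["product"].lower()
    return any(vendor == v and kw in product for v, kw in inventory)


def triage(entries, inventory, patched, today_iso):
    """Return (open_items, overdue): unpatched entries affecting inventoried products,
    each with days left until the CISA due date (negative means past due), and the overdue subset."""
    today = date.fromisoformat(today_iso)
    open_items, overdue = [], []
    for e in entries:
        if e["cveID"] in patched or not _affects(e, inventory):
            continue
        days_left = (date.fromisoformat(e["dueDate"]) - today).days
        item = {"cveID": e["cveID"], "product": e["product"], "days_left": days_left}
        open_items.append(item)
        if days_left < 0:
            overdue.append(item)
    return open_items, overdue


if __name__ == "__main__":
    open_items, overdue = triage(load_kev(SAMPLE_KEV_JSON), INVENTORY, PATCHED, "2022-05-20")
    for item in open_items:
        print(f'{item["cveID"]:16} {item["product"]:10} days_left={item["days_left"]:3}'
              f'{"  OVERDUE" if item in overdue else ""}')
```

Against a real deployment, replace SAMPLE_KEV_JSON with the downloaded feed and build INVENTORY from your asset database; the Win32k entries show why vendor-only matching would over-report, and why product keywords need tuning.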
