CISA is known for publishing various reports and remediations for cyberattacks. They release a list of many known exploited vulnerabilities which are exploited by hackers frequently. They have added a list of 15 new exploited vulnerabilities to their list.
The recent list contains almost all of the recent Windows Privilege Escalation vulnerabilities.
| CVE ID | Vulnerability Name | Due Date |
| CVE-2020-5135 | SonicWall SonicOS Buffer Overflow Vulnerability | 4/5/2022 |
| CVE-2019-1405 | Microsoft Windows UPnP Service Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1322 | Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1315 | Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1253 | Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1129 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1069 | Microsoft Task Scheduler Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-1064 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-0841 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2019-0543 | Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2018-8120 | Microsoft Win32k Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2017-0101 | Microsoft Windows Transaction Manager Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2016-3309 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 4/5/2022 |
| CVE-2015-2546 | Microsoft Win32k Memory Corruption Vulnerability | 4/5/2022 |
| CVE-2019-1132 | Microsoft Win32k Privilege Escalation Vulnerability | 4/5/2022 |
The list was based on the Binding Operational Directive (BOD) 22-01 which states as “Reducing the Significant Risk of Known Exploited Vulnerabilities“. This directive was established to list the exploited vulnerabilities which has potential risk to Federal agencies and network. The directive importantly denoted that FCEB agencies must mitigate and remediate the list of identified vulnerabilities before the due date given.
Although the directive mentions FCEB agencies specifically, CISA instructs all organizations to use the list of known vulnerabilities and reduce the risk of cyberattacks.
CISA also mentioned that they will continue to update and address the known exploited vulnerabilities and will add them to the catalog in case of the specified criteria were met.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling…
Commvault, a global leader in data protection and information management, has confirmed that a sophisticated…
The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated…
The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a host…
Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing Simulator,…
Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting…
.png?w=1600&resize=1600,900&ssl=1)
