CISA Has Added 15 New Flaws to the List of Actively Exploited Vulnerabilities

CISA is known for publishing various reports and remediations for cyberattacks. They release a list of many known exploited vulnerabilities which are exploited by hackers frequently. They have added a list of 15 new exploited vulnerabilities to their list.

The recent list contains almost all of the recent Windows Privilege Escalation vulnerabilities.

CVE IDVulnerability NameDue Date
CVE-2020-5135SonicWall SonicOS Buffer Overflow Vulnerability4/5/2022
CVE-2019-1405Microsoft Windows UPnP Service Privilege Escalation Vulnerability4/5/2022
CVE-2019-1322Microsoft Windows Privilege Escalation Vulnerability4/5/2022
CVE-2019-1315Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability4/5/2022
CVE-2019-1253Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability4/5/2022
CVE-2019-1129Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-1069Microsoft Task Scheduler Privilege Escalation Vulnerability4/5/2022
CVE-2019-1064Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-0841Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-0543Microsoft Windows Privilege Escalation Vulnerability4/5/2022
CVE-2018-8120Microsoft Win32k Privilege Escalation Vulnerability4/5/2022
CVE-2017-0101Microsoft Windows Transaction Manager Privilege Escalation Vulnerability4/5/2022
CVE-2016-3309Microsoft Windows Kernel Privilege Escalation Vulnerability4/5/2022
CVE-2015-2546Microsoft Win32k Memory Corruption Vulnerability4/5/2022
CVE-2019-1132Microsoft Win32k Privilege Escalation Vulnerability4/5/2022

The list was based on the Binding Operational Directive (BOD) 22-01 which states as “Reducing the Significant Risk of Known Exploited Vulnerabilities“. This directive was established to list the exploited vulnerabilities which has potential risk to Federal agencies and network. The directive importantly denoted that FCEB agencies must mitigate and remediate the list of identified vulnerabilities before the due date given.

Although the directive mentions FCEB agencies specifically, CISA instructs all organizations to use the list of known vulnerabilities and reduce the risk of cyberattacks.

CISA also mentioned that they will continue to update and address the known exploited vulnerabilities and will add them to the catalog in case of the specified criteria were met.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Critical Microsoft’s Time Travel Debugging Tool Vulnerability Let Attackers Mask Detection

Microsoft’s Time Travel Debugging (TTD) framework, a powerful tool for recording and replaying Windows program…

5 hours ago

ServiceNow Acquires Moveworks for $2.85 Billion to Boost AI Capabilities

In a landmark move to strengthen its position in the rapidly evolving artificial intelligence landscape,…

6 hours ago

Apple iOS 18.4 Beta 3 Released – What’s New!

Apple released iOS 18.4 Beta 3 on March 10, 2025, for developers, with a build…

6 hours ago

Researcher Hacks Embedded Devices to Uncover Firmware Secrets

In a recent exploration of embedded device hacking, a researcher demonstrated how to extract firmware…

7 hours ago

North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts

North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to…

7 hours ago

Ragnar Loader Used by Multiple Ransomware Groups to Bypass Detection

Ragnar Loader, a sophisticated toolkit associated with the Ragnar Locker ransomware group, has been instrumental…

7 hours ago