DHS CISA KEVs Weekly Edition 10: Patch Before you Hit the Deadline

Posted on Jul 9, 2022 | By Supriya Aluri

Following frequent and highly impactful cyberattacks, CISA has updated the KEV list and has recommended that all federal agencies patch these vulnerabilities by the due date. This week, 12 vulnerabilities need to be patched by July 10, 2022.

We analyzed the CISA Known Exploited Vulnerabilities (KEVs) and found the following:


How Far Back Do They Go?

Of the 12 KEVs, the oldest vulnerability, a Microsoft WinVerifyTrust function Remote Code Execution, dates back to 2013.

Which Vendors Are Affected?

Several prominent vendor products are affected by the vulnerabilities that need to be patched by July 10, 2022.

Severity Scores

Patching these vulnerabilities is of high priority, as most of them rank high on the CVSS severity scale.

Software Weaknesses

The following CWEs are associated with several vulnerabilities that need to be patched this week.


 

Table: DHS CISA KEVs

Half of these vulnerabilities can be used to remotely execute malicious code. Since the start of the pandemic, there has been an increase of over 75% in the activity of ransomware groups. Hence, all federal and private organizations should immediately patch the above-listed CVEs, as they are highly susceptible to attacks. 

You can find our analysis of the new CVEs added to the KEV here

Keep watching this space for updates on CVE patch deadlines.
