CISA added four new CVEs to its Known Exploited Vulnerabilities (KEV) list on August 9 and August 11, 2022: CVE-2022-30333, CVE-2022-34713, CVE-2022-27925, and CVE-2022-37042. This brings the total number of KEVs to 794. Of these, 21 vulnerabilities need to be patched by August 15, 2022, as recommended by CISA. Let us see what they are:
How Far Back Do They Go?
Of the 21 KEVs, 8 vulnerabilities were discovered in 2017. The oldest vulnerability dates back to 2013.
Which Vendors Are Affected?
Microsoft has the most vulnerabilities (11) that need to be patched by August 15, 2022. Since Windows devices are the most targeted in recent attacks, organizations must be on the lookout for these vulnerabilities and patch them immediately.
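The breakdowns above (which KEVs fall due by a deadline, how old they are, and which vendors they belong to) can be reproduced from the JSON feed of the KEV catalog. The following is an added example, not code from the original post: it assumes the feed's `vulnerabilities`, `cveID`, `vendorProject` and `dueDate` fields, and the `triage` helper and all sample entries are constructed for illustration.

```python
import json
from collections import Counter
from datetime import date

# Constructed sample in the layout of the CISA KEV JSON feed. Every entry is
# a placeholder (vendors and CVE IDs are made up), not a real catalog record.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2013-EXAMPLE1", "vendorProject": "VendorA", "dueDate": "2022-08-15"},
    {"cveID": "CVE-2017-EXAMPLE2", "vendorProject": "VendorA", "dueDate": "2022-08-15"},
    {"cveID": "CVE-2017-EXAMPLE3", "vendorProject": "VendorB", "dueDate": "2022-08-10"},
    {"cveID": "CVE-2022-EXAMPLE4", "vendorProject": "VendorB", "dueDate": "2022-08-30"},
    {"cveID": "CVE-2021-EXAMPLE5", "vendorProject": "VendorC", "dueDate": "not-a-date"},
    {"cveID": "CVE-2020-EXAMPLE6", "vendorProject": "VendorC"},
]})


def triage(feed_json, deadline, today):
    """Select KEV entries due on or before `deadline` and summarise them.

    Entries with a missing or unparseable cveID/dueDate are returned under
    "skipped" so they get reviewed by hand instead of silently dropped.
    """
    due, skipped = [], []
    for entry in json.loads(feed_json).get("vulnerabilities", []):
        try:
            cve = entry["cveID"]
            due_date = date.fromisoformat(entry["dueDate"])
        except (KeyError, TypeError, ValueError):
            skipped.append(entry.get("cveID", "<no cveID>"))
            continue
        if due_date <= deadline:
            due.append({"cve": cve, "vendor": entry.get("vendorProject", "unknown"),
                        "due": due_date, "overdue": due_date < today})
    due.sort(key=lambda e: (e["due"], e["cve"]))
    # The year is the second field of the CVE identifier (CVE-YYYY-NNNN).
    years = Counter((e["cve"].split("-") + ["unknown"])[1] for e in due)
    return {"due": due,
            "by_vendor": Counter(e["vendor"] for e in due).most_common(),
            "by_year": sorted(years.items()),
            "skipped": skipped}


if __name__ == "__main__":
    report = triage(SAMPLE_FEED, deadline=date(2022, 8, 15), today=date(2022, 8, 12))
    for e in report["due"]:
        print(e["due"], e["cve"], e["vendor"], "OVERDUE" if e["overdue"] else "")
    print("by vendor:", report["by_vendor"])
    print("by CVE year:", report["by_year"])
    print("needs manual review:", report["skipped"])
```

Entries whose due date cannot be parsed are listed separately rather than counted as on time, so a malformed record does not hide a missed deadline.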
Severity Scores
Patching these vulnerabilities is a high priority, as most of them are rated high or critical on the CVSS scale.
Software Weaknesses
The following CWEs account for the 15 vulnerabilities that need to be patched this week.
Table: DHS CISA KEVs
The CVEs that CISA recommends patching by August 15 are old CVEs, meaning they have been around for a while. Hackers love to target old CVEs because they have developed sophisticated, tried-and-tested methods of attack for them. This week, SmokeLoader malware was found targeting two 2017 CVEs.
We recommend that all organizations patch these CVEs as early as possible.
For the latest news regarding vulnerabilities that are exploited and critical threats, read our blog on Weekly Threat Intelligence.