The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks. CISA is giving federal agencies a deadline of April 5, 2022, to apply the available security updates …
Description Patch Deadline
SonicWall SonicOS Buffer Overflow Vulnerability 4/5/2022
Microsoft Windows UPnP Service Privilege Escalation Vulnerability 4/5/2022
Microsoft Windows Privilege Escalation Vulnerability 4/5/2022
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability 4/5/2022
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability 4/5/2022
Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
Some of these vulns keep cropping up: Admins of SonicWall VPNs had to patch them again, even after a PoC was already in the wild. CISA’s catalog of Known Exploited Vulnerabilities now totals 504 flaws, all of which have been seen in use by attackers.