CISA Adds Two New Vulnerabilities to Known Exploited Vulnerabilities Catalog

Release Date: September 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its Known Exploited Vulnerabilities Catalog, citing active exploitation in the wild. The addition of these vulnerabilities underscores the persistent risk they pose to federal agencies and organizations worldwide.

The newly added vulnerabilities are:

  • CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability
  • CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability

Both of these vulnerabilities are commonly exploited by cybercriminals to gain unauthorized access, manipulate systems, or steal sensitive data. They pose a significant risk to the federal enterprise, making their timely remediation a priority for affected systems.

Importance of Addressing Known Exploited Vulnerabilities

The inclusion of these vulnerabilities in the catalog is part of the ongoing effort tied to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to take immediate steps to remediate the listed vulnerabilities by a set deadline, ensuring that federal networks are protected against known active threats.

While BOD 22-01 applies directly to FCEB agencies, CISA strongly encourages all organizations—not just federal agencies—to address these vulnerabilities as part of their cybersecurity efforts. Remediating known vulnerabilities is a critical step in preventing malicious actors from exploiting weaknesses in systems, and CISA urges organizations to integrate the catalog into their vulnerability management processes.

Continuous Updates to the Catalog

CISA remains committed to updating the Known Exploited Vulnerabilities Catalog as more vulnerabilities meet the criteria for inclusion. These updates are vital in helping organizations stay informed and take action against emerging threats. Organizations are advised to regularly monitor the catalog and prioritize the timely remediation of any vulnerabilities that apply to their systems.

For more information about BOD 22-01 and how it impacts the cybersecurity landscape, visit the BOD 22-01 Fact Sheet on CISA’s official website.
