CISA has added a new vulnerability, CVE-2024-29988, to its Known Exploited Vulnerabilities Catalog after identifying evidence of active exploitation. This catalog is a list of known vulnerabilities, like the Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability, posing significant risks for the federal enterprise. The BOD 22-01 directive mandates Federal Civilian Executive Branch agencies to address these vulnerabilities promptly
Although the directive targets FCEB agencies, CISA advises all organizations to prioritize the timely remediation of these vulnerabilities to enhance their cybersecurity posture. CISA plans to continually update the catalog with vulnerabilities meeting the defined criteria. https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-adds-one-known-exploited-vulnerability-catalog