CISA has updated its Known Exploited Vulnerabilities Catalog with three new entries: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability, Mozilla Firefox Use-After-Free Vulnerability, and SolarWinds Web Help Desk Hardcoded Credential Vulnerability. These vulnerabilities are known to be exploited by cyber actors and pose high risks to federal systems. The addition aligns with Binding Operational Directive 22-01, which mandates that federal agencies address such vulnerabilities promptly to protect their networks.

CISA added three new exploited vulnerabilities to its catalog

Although the directive applies to federal agencies, CISA advises all organizations to prioritize remediation of catalog vulnerabilities to strengthen their cybersecurity defenses. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria, emphasizing proactive vulnerability management practices.
https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog