CISA Adds Four Known Exploited Vulnerabilities to Catalog
Summary
CISA added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. These vulnerabilities affect Microsoft Configuration Manager, Notepad++, SolarWinds Web Help Desk, and Apple products. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities.
IFF Assessment
The addition of actively exploited vulnerabilities to the KEV catalog indicates increased risk for organizations using the affected software.
Severity
Defender Context
The addition of these vulnerabilities to the KEV catalog means defenders should prioritize patching them. Actively exploited vulnerabilities are prime targets for attackers, and federal agencies are mandated to remediate them quickly. Defenders should monitor CISA's KEV catalog regularly and integrate it into their vulnerability management processes.
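One way to integrate the catalog into a vulnerability management process, as an added example that is not part of the original page: match entries from the KEV JSON feed against an asset inventory and order the hits by remediation due date. The feed field names (`cveID`, `vendorProject`, `product`, `dueDate`) follow CISA's published JSON; the sample entries, placeholder CVE IDs, dates, inventory and team names are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed.
# CVE IDs, dates and the extra fifth entry are placeholders, not real catalog data.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft",
     "product": "Configuration Manager", "dueDate": "2000-01-31"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Notepad++",
     "product": "Notepad++", "dueDate": "2000-01-15"},
    {"cveID": "CVE-0000-0003", "vendorProject": "SolarWinds",
     "product": "Web Help Desk", "dueDate": "2000-01-25"},
    {"cveID": "CVE-0000-0004", "vendorProject": "Apple",
     "product": "Multiple Products", "dueDate": "2000-02-05"},
    {"cveID": "CVE-0000-0005", "vendorProject": "ExampleVendor",
     "product": "ExampleProduct", "dueDate": "2000-01-12"},
]})

# Hypothetical inventory: (vendor, product keyword) -> owning team.
INVENTORY = {
    ("microsoft", "configuration manager"): "endpoint-team",
    ("notepad++", "notepad++"): "desktop-team",
    ("solarwinds", "web help desk"): "itsm-team",
    ("apple", "macos"): "desktop-team",
}

def match_kev(feed_json, inventory, today):
    """Return KEV entries that hit the inventory, earliest due date first."""
    findings = []
    for vuln in json.loads(feed_json)["vulnerabilities"]:
        vendor = vuln["vendorProject"].strip().lower()
        product = vuln["product"].strip().lower()
        # Entries listed as "Multiple Products" can only be matched on vendor,
        # so they are flagged for a manual applicability check.
        vendor_only = product == "multiple products"
        for (inv_vendor, inv_product), owner in inventory.items():
            if inv_vendor != vendor:
                continue
            if not vendor_only and inv_product not in product:
                continue
            due = date.fromisoformat(vuln["dueDate"])
            findings.append({
                "cve": vuln["cveID"], "owner": owner, "due": due,
                "days_left": (due - today).days,
                "needs_review": vendor_only,
            })
    return sorted(findings, key=lambda f: f["due"])

if __name__ == "__main__":
    for f in match_kev(SAMPLE_FEED, INVENTORY, date(2000, 1, 20)):
        state = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']}d left"
        print(f["cve"], f["owner"], f["due"], state, "review" if f["needs_review"] else "")
```

In production the feed string would come from a scheduled download of the catalog, and the inventory from the organization's asset database.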