CISA Adds Four Known Exploited Vulnerabilities to Catalog
Summary
CISA added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerabilities affect Microsoft Windows, Synacor Zimbra, TeamT5 ThreatSonar, and Google Chromium. CISA urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities.
IFF Assessment
The addition of actively exploited vulnerabilities to the KEV catalog indicates increased risk for organizations.
Severity
Defender Context
The addition of these vulnerabilities to the KEV catalog means that they are being actively exploited in the wild and represent a significant risk. Defenders should prioritize patching these vulnerabilities in their environments, especially those affecting externally facing systems. Regularly monitoring the CISA KEV catalog and rapidly patching listed vulnerabilities is a key defensive strategy.