The U.S. Cybersecurity & Infrastructure Security Agency has added another 15 security issues that are actively exploited in cyberattacks to its catalog of vulnerabilities.
CISA’s warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect their organization’s network.
The most recent one, CVE-2021-36934, is a Microsoft Windows SAM vulnerability that allows anyone to access the Registry database files on Windows 10 and 11, extract password hashes and gain administrator privileges.
Of the older flaws, CVE-2015-2051 is a remote code execution bug affecting D-Link DIR-645 routers that continues to deliver results for attackers.
CISA’s list of exploited vulnerabilities is a constant reminder for organizations to deal with outdated and no longer supported hardware that is present in sensitive parts of the network, since adversaries do not care how old a vulnerability is as long as it gets them in.
With the addition of the 15 flaws above, CISA’s Known Exploited Vulnerabilities Catalog now lists 367 security vulnerabilities.