CISA urges orgs to patch actively exploited Windows SeriousSAM bug

The U.S. Cybersecurity & Infrastructure Security Agency has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks.

CISA’s warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect the organization’s network.

The most recent one, CVE-2021-36934, is a Microsoft Windows SAM vulnerability that allows anyone to access the Registry database files on Windows 10 and 11, extract password hashes and gain administrator privileges.

Of the older flaws, CVE-2015-2051 is a remote code execution bug affecting D-Link DIR-645 routers that continues to deliver to attackers.

CISA’s list of exploited vulnerabilities is a constant reminder for organizations to deal with outdated and no longer supported hardware that is present in sensitive parts of the network since adversaries do not care how old a vulnerability is as long as it gets them in.

With the addition of the 15 flaws above, CISA’s Known Exploited Vulnerabilities Catalog now lists 367 security vulnerabilities.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.