U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws

The U.S. Cybersecurity and Infrastructure Security Agency has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within “Aggressive” timeframes.

“These vulnerabilities pose significant risk to agencies and the federal enterprise,” the agency said in a binding operational directive issued Wednesday.

“It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.”

About 176 vulnerabilities identified between 2017 and 2020, and 100 flaws from 2021 have made their way to the initial list, which is expected to be updated with additional actively exploited vulnerabilities as and when they become known provided they have been assigned Common Vulnerabilities and Exposures identifiers and have clear remediation action.

Although the BOD is primarily aimed at federal civilian agencies, CISA is recommending private businesses and state entities to review the catalog and remediate the vulnerabilities to strengthen their security and resilience posture.

“Second, it provides due dates for remediating those vulnerabilities. By providing a common list of vulnerabilities to target for remediation, CISA is effectively leveling the playing field for agencies in terms of prioritization. It’s no longer up to each individual agency to decide which vulnerabilities are the highest priority to patch.”

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.