Currently set to Index
Currently set to Follow
Thought Leadership

CISA Publishes Known Exploited Vulnerabilities List

Cybersecurity & Infrastructure Agency

The Cybersecurity & Infrastructure Security Agency (CISA) has issued a new directive that requires federal agencies to patch known vulnerability exploits. They are also publishing a list of these exploits to aid the effort. This list is available to the private sector and can be found at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.

The directive itself can be found at https://www.cisa.gov/known-exploited-vulnerabilities.

This list will be updated on a regular basis and intended to be used as a list of ‘top risks’ that should be immediately addressed. A good vulnerability scanner or managed vulnerability solution can automate vulnerability detection, but if you do not have this type of solution in place, CISA’s list will give you the high-risk issues to look for manually. Today’s list contains 290 vulnerabilities, (going back to 2017), that are currently active in attacks detected and reported by Internet monitoring and security operations centers.

A quick review of the list shows a wide variety of software/hardware exploits that may or may not apply to you, Adobe Flash is an example of a software that has reached the end of life and is actively being exploited to gain a foothold on devices. Apple iOS for phones is another example that is listed several times.

If you find something that needs further investigation, you can click the link to the CVE on the left. The CVE will provide affected versions and also provide vendor links for further information and solutions.

If you are not using an active vulnerability scanning solution or a managed vulnerability partner like Mainstream, please take a moment to review the list of vendors and products you use. Apply the recommended updates and patches, or remove the software altogether if it’s no longer in use. Being proactive will drastically reduce your risk of being attacked successfully.

Daniel Weatherly, CISSP

Mainstream Technologies Inc.

Contact Us

  • Industry

  • Category

  • Regulation

  • Solution

Little Rock, AR | Conway, AR | Bentonville, AR

325 West Capitol Ave., Suite 200
Little Rock, AR 72201

Central Arkansas 501.801.6700

Northwest Arkansas 479.439.5700

Toll Free 1.800.550.2052

Mainstream Technologies, Inc., Information Technology Services, Little Rock, AR
© Copyright 2021. Mainstream Technologies, Inc. All Rights Reserved. Privacy Policy | Sitemap