The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of “known exploited vulnerabilities”.
These flaws have been observed during real cyberattacks against organizations, so they are published to raise awareness among system administrators and serve as official notices to apply the corresponding security updates.
In this case, CISA is giving federal agencies until April 15, 2022 to fix the listed vulnerabilities and reduce the risk of falling victim to cyberattacks.
A whopping 66 vulnerabilities
The new set of 66 actively exploited vulnerabilities published by CISA spans disclosure dates between 2005 and 2022 and covers a wide range of software and hardware types and versions.
The Mitel CVE-2022-26143 and Windows CVE-2022-21999 vulnerabilities, both disclosed in February, are two bugs of particular interest.
Microsoft fixed the Windows Print Spooler bug CVE-2022-21999 in the February 2022 Patch Tuesday updates, and threat actors were not actively exploiting it at the time. When exploited, the vulnerability allows attackers to run code as SYSTEM, the highest privilege level on Windows.
Mitel bug CVE-2022-26143 affects devices using a vulnerable driver (TP-240), including MiVoice Business Express and MiCollab.
This flaw enables a record DDoS amplification ratio of approximately 4.3 billion to 1, using an internal reflection method.
Akamai, the company that discovered the Mitel bug, previously reported savage attacks in early February, targeting governments, financial institutions and internet service providers.
Additionally, the set contains a 2005 RCE flaw in Hewlett Packard OpenView, a 2009 buffer overflow in Adobe Reader and Acrobat, a 2009 RCE in phpMyAdmin, and 23 other flaws dating from 2010 to 2016.
The addition of these 66 vulnerabilities at this time does not necessarily mean that CISA analysts have just spotted their active exploitation in the wild.
Most likely, the agency is releasing new sets with gaps between them so as not to overwhelm system administrators, trying to balance practical constraints with security best practices.
Another possible explanation for these old vulnerabilities being added to the catalog could be that they are being exploited in new exploit chains applicable today, suddenly going from obsolescence to relevance.
However, the list shows us how quickly threat actors start targeting a vulnerability once a vendor has disclosed it.
For example, the Windows Print Spooler vulnerability CVE-2022-21999, the Mitel DDoS amplification vulnerability CVE-2022-26143, and the WatchGuard vulnerability CVE-2022-26318 were all disclosed in February and were quickly exploited by hackers.
For this reason, it is essential that administrators apply security updates as soon as possible to prevent their exploitation, especially on devices exposed to the Internet.
Due to the large number of vulnerabilities making up the latest set, CISA has not provided the usual summary table, so system administrators will need to review new entries in the catalog, which now has a total of 570 vulnerabilities.
Once in the catalog, you can click on the “Date Added” column header to sort the list so that the most recently added vulnerabilities appear first.
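Reviewing new entries by hand does not scale to a 570-entry catalog, so the following is an added example (not from the article or from CISA) that performs the same "sort by Date Added" review over the catalog's JSON feed: it lists entries added since a given date, flags entries past their due date, and cross-references a local list of CVEs. It assumes the field names CISA uses in its published KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate); the sample records below are constructed, with only the CVE IDs and the April 15, 2022 due date taken from the article.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names follow the
# feed CISA publishes; the dateAdded values and the fourth entry are placeholders.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2022-21999", "vendorProject": "Microsoft", "product": "Windows Print Spooler",
         "dateAdded": "2022-03-25", "dueDate": "2022-04-15"},
        {"cveID": "CVE-2022-26143", "vendorProject": "Mitel", "product": "MiCollab",
         "dateAdded": "2022-03-25", "dueDate": "2022-04-15"},
        {"cveID": "CVE-2022-26318", "vendorProject": "WatchGuard", "product": "(constructed)",
         "dateAdded": "2022-03-25", "dueDate": "2022-04-15"},
        # Placeholder older entry (constructed ID) so the date filters have something to exclude.
        {"cveID": "CVE-2016-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
    ],
})


def load_kev(text):
    """Parse the catalog JSON and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def added_since(entries, since):
    """Entries added on or after `since` (ISO date), newest first: the 'Date Added' sort."""
    cutoff = date.fromisoformat(since)
    hits = [e for e in entries if date.fromisoformat(e["dateAdded"]) >= cutoff]
    return sorted(hits, key=lambda e: e["dateAdded"], reverse=True)


def overdue(entries, today):
    """CVE IDs whose remediation due date has already passed as of `today`."""
    now = date.fromisoformat(today)
    return sorted(e["cveID"] for e in entries if date.fromisoformat(e["dueDate"]) < now)


def match_inventory(entries, inventory_cves):
    """Map each locally tracked CVE (e.g. from a scanner export) that is in KEV to its due date."""
    wanted = {c.strip().upper() for c in inventory_cves}
    return {e["cveID"]: e["dueDate"] for e in entries if e["cveID"] in wanted}


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV)
    for e in added_since(kev, "2022-03-01"):
        print(e["dateAdded"], e["cveID"], e["vendorProject"], e["product"], "due", e["dueDate"])
    print("overdue:", overdue(kev, "2022-04-16"))
    print("in inventory:", match_inventory(kev, ["cve-2022-21999", "CVE-2099-9999"]))
```

Replacing SAMPLE_KEV with the text of the live feed gives the same three views over the real catalog; the inventory check is the one to wire into a ticketing or patch-tracking workflow.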