Ninety-five actively exploited vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog in the past week. This is one of the larger batches of vulnerabilities added to the list in quite some time. Several of the flaws are labeled high severity with severity scores of 9.8. Products from various well-known manufacturers are affected, including Apache Tomcat, Cisco, Microsoft, Adobe, Mozilla, and many others. Many of the bugs are quite old, including one that is 20 years old. The older bugs have been given a patch deadline of March 27th, while the newer bugs must be patched by March 17th. The 20-year-old bug stretches all the way back to 2002 and pertains to the debugging subsystem in Windows NT and Windows 2000.
As soon as patches become available, organizations and individuals using products that are affected should implement those fixes immediately. Older products, especially those that have reached end-of-life, are easier for attackers to exploit. Updating to newer products is highly advised if patches or fixes do not become available. Visit CISA’s Known Exploited Vulnerabilities Catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog