Tag

Kev Catalog

All articles tagged with #kev catalog

technology1 month ago

Risk-Based Patch Strategy Drives Federal Cyber Hygiene Under BOD 26-04

CISA's Binding Operational Directive 26-04 requires federal civilian agencies to prioritize vulnerability remediation based on risk, using the Known Exploited Vulnerabilities (KEV) Catalog and SSVC data while considering asset exposure, exploit automation, and technical impact. It establishes a three-phase rollout—immediate policy updates and automation (Phase I), process updates within 60 days (Phase II), and vulnerability remediation within 180 days (Phase III)—with automated reporting via the Continuous Diagnostics and Monitoring program and ongoing Cyber Hygiene practices. The directive supersedes BOD 19-02 and 22-01, aligns with OMB Circular A-130 and FISMA, and aims to harden federal networks against sophisticated cyber threats by focusing on high-risk vulnerabilities and maintaining asset tagging and exposure data.

Emergency patch fixes active Microsoft Office zero-day CVE-2026-21509
security5 months ago

Emergency patch fixes active Microsoft Office zero-day CVE-2026-21509

Microsoft issued an out-of-band fix for a high-severity Office zero-day (CVE-2026-21509) that enables a local security feature bypass when users open a specially crafted Office file; exploitation requires user interaction, and the Preview Pane is not a vector. Office 2021+ patches will apply automatically with a service-side change but require restarting Office apps, while Office 2016/2019 users must install specific updates. A registry workaround is provided as mitigation. The flaw has been added to the CISA Known Exploited Vulnerabilities catalog, with federal agencies required to patch by February 16, 2026. Credit goes to MSTIC, MSRC, and the Office security team.

CISA Expands KEV with Four Actively Exploited Flaws
security5 months ago

CISA Expands KEV with Four Actively Exploited Flaws

CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation: CVE-2025-68645 (PHP remote file inclusion in Synacor Zimbra Collaboration Suite; CVSS 8.8; fixed in v10.1.13), CVE-2025-34026 (authentication bypass in Versa Concerto SD-WAN; CVSS 9.2; fixed in 12.2.1 GA), CVE-2025-31125 (improper access control in Vite; CVSS 5.3; fixed across multiple versions), and CVE-2025-54313 (embedded malicious code in eslint-config-prettier as part of a supply-chain attack with Scavenger Loader; CVSS 7.5; linked to July 2025 phishing campaigns). Exploitation of CVE-2025-68645 has been observed since January 14, 2026; details on the others’ exploitation are not provided. FCEB agencies must patch by February 12, 2026 under BOD 22-01.