US CERT Current Activity
Mar 16, 2022
Original release date: March 16, 2022Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mar 16, 2022
Original release date: March 16, 2022Google has released Chrome version 99.0.4844.74 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mar 15, 2022
Original release date: March 15, 2022CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates. CVE ID Vulnerability Name Due Date CVE-2020-5135 SonicWall SonicOS Buffer Overflow Vulnerability 4/5/2022 CVE-2019-1405 Microsoft Windows UPnP Service Privilege Escalation Vulnerability 4/5/2022 CVE-2019-1322 Microsoft Windows Privilege Escalation Vulnerability 4/5/2022 CVE-2019-1315 Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability 4/5/2022 CVE-2019-1253 Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability 4/5/2022 CVE-2019-1129 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022 CVE-2019-1069 Microsoft Task Scheduler Privilege Escalation Vulnerability 4/5/2022 CVE-2019-1064 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022 CVE-2019-0841 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022 CVE-2019-0543 Microsoft Windows Privilege Escalation Vulnerability 4/5/2022 CVE-2018-8120 Microsoft Win32k Privilege Escalation Vulnerability 4/5/2022 CVE-2017-0101 Microsoft Windows Transaction Manager Privilege Escalation Vulnerability 4/5/2022 CVE-2016-3309 Microsoft Windows Kernel Privilege Escalation Vulnerability 4/5/2022 CVE-2015-2546 Microsoft Win32k Memory Corruption Vulnerability 4/5/2022 CVE-2019-1132 Microsoft Win32k Privilege Escalation Vulnerability 4/5/2022 Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria. Note: prioritizing software updates that address known exploited vulnerabilities is one of the actions CISA encourages as part of the recent Shields Up recommendations to all stakeholders. This product is provided subject to this Notification and this Privacy & Use policy.
Mar 15, 2022
Original release date: March 15, 2022The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community. Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers. A container is a runtime environment that contains a software package and its dependencies. Kubernetes is often hosted in a cloud environment. The CTR provides recommended configuration and hardening guidance for setting up and securing a Kubernetes cluster. CISA encourages users and administrators to review the updated Kubernetes Hardening Guide—which includes additional detail and explanations—and apply the hardening measures and mitigations to manage associated risks. This product is provided subject to this Notification and this Privacy & Use policy.
Mar 15, 2022
Original release date: March 15, 2022CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat. CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up. This product is provided subject to this Notification and this Privacy & Use policy.