{"id":8406,"date":"2022-03-22T11:47:32","date_gmt":"2022-03-22T18:47:32","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8406"},"modified":"2023-03-16T09:17:21","modified_gmt":"2023-03-16T16:17:21","slug":"dhs-cisa-kevs-weekly-edition-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dhs-cisa-kevs-weekly-edition-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition: Patch Before you Hit the Deadline"},"content":{"rendered":"

CISA is ratcheting up the pressure on federal agencies to patch known exploited vulnerabilities added to the DHS CISA KEV catalog, which contains 504 CVEs as of writing.<\/p>\n

Since its initial publication, the list has been regularly updated with new vulnerabilities, and we expect this to be a continuing trend. CSW has been closely analyzing these DHS CISA known exploited vulnerabilities and also monitors the new entries added to the list.<\/p>\n

This blog brings you all the DHS CISA KEVs that need to be prioritized for patching this week (March 21 to March 27, 2022).<\/p>\n

A total of 71 known exploited vulnerabilities from the DHS CISA catalog should be patched by federal agencies this week before March 21 and March 24, 2022. We further analyzed these 71 KEVs and found that –<\/p>\n

\"\"<\/p>\n

How Far Back Do They Go?<\/h2>\n

Of the 71 KEVs, 69 CVEs are old vulnerabilities dating from 2002 to 2021 with a patch deadline of March 21 and March 24, 2022. There are 24 KEVs that exist in Microsoft products, 18 KEVs from Cisco, and 16 from Adobe.<\/p>\n

Another thing that organizations should be aware of is that 2 CVEs are from 2022, which exists in Mozilla.<\/p>\n

\"\"<\/p>\n

Which Vendors Are Affected?<\/h2>\n

Of these 71 KEVs that have a patch deadline of March 21 and March 24, 2022, affect major vendors such as Microsoft, Cisco, Adobe, Oracle, and\u00a0 Linux.<\/p>\n

\"\"<\/p>\n

Software Weaknesses<\/h2>\n

The analysis of these KEVs revealed that 65% of the KEVs with a patch due date of March 21 and March 24, 2022, fall under the Top 40 Most Dangerous Software Weaknesses<\/a>. 31% of KEVs fall OWASP Top 10:2021<\/a>.<\/p>\n

\"\"<\/p>\n

Severity Scores<\/h2>\n

\"\"<\/p>\n