• Latest
  • Trending
CISA adds 15 vulnerabilities to list of flaws exploited in attacks

CISA adds 15 vulnerabilities to list of flaws exploited in attacks

March 17, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

CISA adds 15 vulnerabilities to list of flaws exploited in attacks

by ITECHNEWS
March 17, 2022
in Leading Stories, Tech
0 0
0
CISA adds 15 vulnerabilities to list of flaws exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks.

These public warnings aim to raise awareness to system administrators who have yet to apply the corresponding security updates and urge them to prioritize the action.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

Since threat actors have been observed targeting these flaws in the attacks, failing to address the security issues means risking a network compromise that can lead to a catastrophic data breach or ransomware attack.

For this reason, CISA gives federal agencies a deadline of April 5, 2022, to apply the available security updates for the following 15 highlighted older vulnerabilities, which were disclosed in 2015 through 2020.

CVE IDDescriptionPatch Deadline
CVE-2020-5135SonicWall SonicOS Buffer Overflow Vulnerability4/5/2022
CVE-2019-1405Microsoft Windows UPnP Service Privilege Escalation Vulnerability4/5/2022
CVE-2019-1322Microsoft Windows Privilege Escalation Vulnerability4/5/2022
CVE-2019-1315Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability4/5/2022
CVE-2019-1253Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability4/5/2022
CVE-2019-1129Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-1069Microsoft Task Scheduler Privilege Escalation Vulnerability4/5/2022
CVE-2019-1064Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-0841Microsoft Windows AppXSVC Privilege Escalation Vulnerability4/5/2022
CVE-2019-0543Microsoft Windows Privilege Escalation Vulnerability4/5/2022
CVE-2018-8120Microsoft Win32k Privilege Escalation Vulnerability4/5/2022
CVE-2017-0101Microsoft Windows Transaction Manager Privilege Escalation Vulnerability4/5/2022
CVE-2016-3309Microsoft Windows Kernel Privilege Escalation Vulnerability4/5/2022
CVE-2015-2546Microsoft Win32k Memory Corruption Vulnerability4/5/2022
CVE-2019-1132Microsoft Win32k Privilege Escalation Vulnerability4/5/2022

Older flaws still targeted

Most flaws in the new set highlighted by CISA concern privilege escalation problems on Windows, of which one, CVE-2019-0841, has a published proof-of-concept (PoC) exploit that threat actors can pick up and use immediately on vulnerable systems.

The CVE-2019-1069 privilege escalation flaw on the Microsoft Task Scheduler was leveraged by the Ryuk ransomware group last April, which used it to raise its code execution rights on compromised systems.

The exploitation of CVE-2019-1132 has been previously linked to the Buhtrap hacking group, which used the zero-day flaw against governmental entities to run arbitrary code in kernel mode.

The significantly older CVE-2018-8120 on Win32k was first seen exploited for attacks as a zero-day back in May 2018, but apparently, it’s still valuable for threat actors.

Finally, CISA highlights CVE-2020-5135, a critical buffer overflow vulnerability in SonicWall VPNs that impacted over 800,000 devices at the time of its discovery.

Although SonicWall attempted to fix it with a patch, it was later discovered that the fixing was partial. As a result, administrators of SonicWall VPNs had to patch it again while a PoC was already in circulation.

These latest additions bring CISA’s Known Exploited Vulnerabilities Catalog to a total of 504 flaws, which admins cannot ignore as they’re all used by threat actors.

Organizations are advised to monitor that list and ensure they have addressed all security gaps on their systems, as adversaries don’t care how old a flaw is as long as it can give them unauthorized access to the target.

Source: Bill Toulas
Via: bleepingcomputer
Tags: CISA adds 15 vulnerabilities flaws exploited in attacks
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version