The CISA (Cybersecurity and Infrastructure Security Agency) has added six additional vulnerabilities to its list of known vulnerabilities. This list usually only includes vulnerabilities that are a common attack vector: Microsoft Windows Driver and MacOS vulnerabilities. A comment from Qualys.
The addition of the vulnerabilities comes after adding two more vulnerabilities related to the Microsoft Windows Common Log File System Driver and the Apple iOS/ iPadOS/ macOS Monterey and Big Sur zero-day attacks last week. Some of the vulnerabilities are new, while others are several years old. One is even from 2010.
New vulnerabilities - old problems
"On September 15, CISA listed six known vulnerabilities in its catalog of known vulnerabilities. These types of vulnerabilities are a common attack vector for attackers because there is evidence of active exploitation. They therefore pose a significant risk. As recently as September 14, two vulnerabilities affecting Microsoft and Apple were added and are being actively exploited.
The six vulnerabilities include three vulnerabilities in the Linux kernel, one in the Aurora ACDB audio driver code present in third-party products such as Qualcomm and Android, and a vulnerability in Microsoft Windows that allows remote code execution.
It is worrying that four of the CVEs released today are from 2013 and one is from 2010. Only one of the newly exploited vulnerabilities is a CVE from 2022. This shows that there are many companies struggling to to know their IT, to keep these IT resources up to date or to mitigate these problems appropriately so that there is no risk of exploitation. Patching known vulnerabilities is one of the best ways to prevent attacks. However, many companies cannot keep up with patching. In addition, companies should replace their legacy systems or migrate them if they are still needed,” said Paul Baird, Chief Technical Security Officer UK at Qualys.
More at Qualys.com
About Qualys
Qualys is a pioneer and leading provider of disruptive, cloud-based IT, security and compliance solutions. The company has more than 10.000 active clients worldwide, including the majority of the Forbes Global 100 and Fortune 100 companies. Qualys helps organizations streamline and consolidate their security and compliance solutions into a single platform, enabling greater agility, better business outcomes and significant cost reductions.