U.S. CISA Adds Critical Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added flaws in Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR to its Known Exploited Vulnerabilities (KEV) catalog.

The KEV catalog lists vulnerabilities for which CISA has evidence of active exploitation in the wild, so an entry in it is a signal that the flaw is being used against real targets, not merely that it exists. The catalog serves as a prioritization resource for federal agencies, private organizations, and individuals: it tells defenders which vulnerabilities to patch or mitigate first.

Under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies are required to remediate each catalogued vulnerability by the due date CISA assigns to it. The directive emphasizes timely patching and mitigation to prevent attacks that exploit these flaws.

Although BOD 22-01 binds only federal agencies, private organizations are strongly advised to review the KEV catalog as well and to address any listed vulnerabilities present in their infrastructure without delay. Doing so significantly reduces exposure to attackers who favor flaws already known to work in the field.

Key Flaws Added to KEV Catalog

The following flaws have been added to the KEV catalog:

  • Microsoft Internet Explorer: a critical vulnerability that allows an attacker to execute arbitrary code on a vulnerable system.
  • Microsoft Office Excel: a vulnerability, exploited in the wild, that enables an attacker to perform arbitrary file operations, potentially leading to data breaches.
  • WinRAR: a flaw in the way WinRAR handles archive extraction that allows an attacker to bypass security measures and access sensitive data.

CISA has ordered federal agencies to remediate these vulnerabilities by September 2, 2025. Organizations outside the federal government have no such mandate, but the same date is a reasonable internal target given that exploitation is already under way.
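The recommendation above to review the catalog and track remediation due dates is easy to automate, because CISA publishes the KEV catalog as a JSON feed. The following script is an added example written for this article, not code from CISA or from the original post: it matches catalog entries against a simple vendor/product inventory and sorts the hits into overdue, due-soon and scheduled buckets. The feed URL is CISA's real one (fetched only with --online); the catalog entries embedded in the script are constructed placeholders that only mirror the feed's field layout, and the inventory list is an assumption standing in for whatever asset data an organization actually has.

```python
"""Triage CISA KEV catalog entries against a vendor/product inventory.

Added example for this article. The embedded feed is constructed sample data in
the KEV JSON layout (cveID, vendorProject, product, dateAdded, dueDate, ...);
the CVE IDs, names and dates are placeholders, not real catalog records.
"""
import json
import sys
import urllib.request
from datetime import date, timedelta

# CISA's published feed; only fetched when the script is run with --online.
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"


def _entry(cve, vendor, product, added, due):
    """Build one KEV-shaped record. Everything here is constructed sample data."""
    return {"cveID": cve, "vendorProject": vendor, "product": product,
            "vulnerabilityName": f"{vendor} {product} placeholder vulnerability",
            "dateAdded": added, "shortDescription": "placeholder description",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
            "dueDate": due, "knownRansomwareCampaignUse": "Unknown", "notes": "", "cwes": []}


# Constructed offline stand-in for the feed (placeholder CVE IDs and dates).
SAMPLE_FEED = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.08.12",
    "dateReleased": "2025-08-12T00:00:00.0000Z",
    "count": 5,
    "vulnerabilities": [
        _entry("CVE-2025-00001", "Microsoft", "Internet Explorer", "2025-08-12", "2025-09-02"),
        _entry("CVE-2025-00002", "Microsoft", "Office", "2025-08-12", "2025-09-02"),
        _entry("CVE-2025-00003", "RARLAB", "WinRAR", "2025-08-12", "2025-09-02"),
        _entry("CVE-2025-00004", "Microsoft", "Windows", "2025-06-24", "2025-07-15"),
        _entry("CVE-2025-00005", "ExampleCorp", "Widget", "2025-08-12", "2025-09-02"),
    ],
}

# Assumed inventory: (vendor, product); product None means every product of that vendor.
INVENTORY = [("Microsoft", None), ("RARLAB", "WinRAR")]


def load_feed(online=False):
    """Return the live KEV feed when online=True, otherwise the constructed sample."""
    if online:
        with urllib.request.urlopen(KEV_URL, timeout=30) as resp:
            return json.load(resp)
    return SAMPLE_FEED


def match_inventory(feed, inventory):
    """Keep catalog entries whose vendor/product (case-insensitive) is in the inventory."""
    wanted = {(v.lower(), None if p is None else p.lower()) for v, p in inventory}
    hits = []
    for entry in feed["vulnerabilities"]:
        vendor = entry["vendorProject"].lower()
        product = entry["product"].lower()
        if (vendor, None) in wanted or (vendor, product) in wanted:
            hits.append(entry)
    return hits


def triage(entries, today, soon_days=14):
    """Bucket entries by their BOD 22-01 due date relative to `today`."""
    buckets = {"overdue": [], "due_soon": [], "scheduled": []}
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        if due < today:
            buckets["overdue"].append(entry)
        elif due - today <= timedelta(days=soon_days):
            buckets["due_soon"].append(entry)
        else:
            buckets["scheduled"].append(entry)
    for bucket in buckets.values():
        bucket.sort(key=lambda e: (e["dueDate"], e["cveID"]))
    return buckets


def report(buckets):
    """Render the triage result as fixed-width lines, most urgent first."""
    lines = []
    for name in ("overdue", "due_soon", "scheduled"):
        for e in buckets[name]:
            lines.append(f"{name:9} {e['dueDate']} {e['cveID']:15} {e['vendorProject']} {e['product']}")
    return lines


if __name__ == "__main__":
    feed = load_feed(online="--online" in sys.argv)
    buckets = triage(match_inventory(feed, INVENTORY), date.today())
    print("\n".join(report(buckets)) or "no KEV entries match the inventory")
```

Run without arguments to exercise the constructed sample; run with --online to pull the current catalog. Matching on vendorProject and product is deliberately coarse (the feed does not carry version ranges), so a hit means "check this", not "confirmed vulnerable"; the useful signal is the overdue bucket, which is exactly what a federal agency would be out of compliance on and what an attacker can assume is still unpatched somewhere.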

Stay Informed and Stay Safe

To stay up to date on new KEV catalog entries, watch CISA's catalog directly and follow Security Affairs on Twitter at @securityaffairs, as well as on Facebook and Mastodon. Staying informed and acting promptly on listed vulnerabilities significantly reduces the risk of falling prey to the attackers already exploiting them.