/

CISA Identifies 4 New Vulnerabilities That Pose Risk to Federal Information Systems

1 min read

The Cybersecurity and Infrastructure Security Agency (CISA) has asked federal civilian agencies to remediate four known exploited vulnerabilities in information systems by Dec. 1st.

Publicly disclosed weaknesses in Exiftool remote code execution and Microsoft Win32k, Excel and Exchange Server applications are being exploited by threat actors, CISA said Wednesday.

The agency created a catalog in accordance with its Binding Operational Directive 22-01 to warn government personnel regarding network security risks and direct them to address the flaws within specific deadlines.

CISA on Tuesday published new playbooks meant to help agencies implement a standard set of procedures for responding to information system incidents and vulnerabilities.