
CISA Adds Microsoft and WinRAR Vulnerabilities to KEV Catalog: Critical Patching Required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR. These additions highlight the ongoing threat posed by unpatched software and the importance of timely patching.

The vulnerabilities added to the KEV catalog are:

Microsoft Internet Explorer (CVE-2021-26411): a remote code execution vulnerability that can be exploited through crafted web pages.
Microsoft Office Excel (CVE-2017-11882): a remote code execution vulnerability that can be exploited through malicious Excel documents.
WinRAR (CVE-2018-20250): a path traversal vulnerability that can lead to arbitrary code execution when a user attempts to view a file within a ZIP archive.

The inclusion of these vulnerabilities in the KEV catalog indicates that they are actively being exploited in the wild. Organizations should prioritize patching these vulnerabilities to mitigate the risk of exploitation. The presence of older vulnerabilities underscores the importance of regular patching and vulnerability management.

For cybersecurity professionals, this means ensuring that systems are patched against these vulnerabilities and being aware of potential attack vectors. The addition of these vulnerabilities to the KEV catalog serves as a reminder that even older vulnerabilities can pose significant risks if left unpatched. It highlights the need for continuous monitoring and patching of systems to protect against known exploits.