FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware

Original release date: February 7, 2022

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.

CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000162-MW and apply the recommended mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds One Known Exploited Vulnerability to Catalog

Original release date: February 4, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number | CVE Title | Required Action Due Date
CVE-2022-21882 | Microsoft Win32k Privilege Escalation Vulnerability | 02/18/2022

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.


CISA Releases Security Advisory for Airspan Networks Mimosa

Original release date: February 3, 2022

CISA has released an Industrial Control Systems Advisory (ICSA) that details vulnerabilities in the Airspan Networks Mimosa product line. An attacker could exploit these vulnerabilities to achieve remote code execution, create a denial-of-service condition, or obtain sensitive information.

CISA encourages users and administrators to review ICSA-22-034-02: Airspan Networks Mimosa for more information and apply the necessary mitigations.


Cisco Releases Security Updates for RV Series Routers

Original release date: February 3, 2022

Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco advisory cisco-sa-smb-mult-vuln-KA9PK6D and apply the necessary updates.


Google Releases Security Updates for Chrome

Original release date: February 2, 2022

Google has released Chrome versions 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux. These versions address vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.


FBI Releases PIN on Potential Cyber Activities During the 2022 Beijing Winter Olympics and Paralympics

Original release date: February 1, 2022

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that malicious cyber actors could use a broad range of cyber activities to disrupt these events. These activities include distributed denial-of-service attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, and insider threats. Additionally, the FBI PIN warns Olympic participants and travelers of potential threats associated with mobile applications developed by untrusted vendors. The FBI urges all athletes to keep their personal cell phone at home and use a temporary phone while attending the events.

CISA encourages all travelers to the 2022 Beijing Winter Olympics and Paralympics to review FBI PIN: Potential for Malicious Cyber Activities to Disrupt the 2022 Beijing Winter Olympics and Paralympics and apply the recommendations.


Samba Releases Security Updates

Original release date: February 1, 2022

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Samba security announcements as well as CERT/CC Vulnerability Note VU #119678 and apply the necessary updates and workarounds.
