U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

https://securityaffairs.com/192508/security/u-s-cisa-adds-microsoft-and-adobe-flaws-to-its-known-exploited-vulnerabilities-catalog.html

Publish Date: 2026-05-21 16:27:11

Source Domain: securityaffairs.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple critical vulnerabilities from Microsoft and Adobe to its Known Exploited Vulnerabilities (KEV) catalog. The newly listed flaws include several remote code execution and elevation of privilege vulnerabilities in Microsoft products such as Windows, Internet Explorer, and Defender, as well as a heap-based buffer overflow in Adobe Acrobat and Reader. Examples include CVE-2008-4250, which affects older versions of Windows and allows remote code execution, and CVE-2009-3459 in Adobe software, which could lead to arbitrary code execution via a crafted PDF file. Their addition to the catalog underscores that they are being actively exploited in the wild, prompting urgent action from both federal agencies and private organizations. CISA has ordered federal agencies to mitigate these vulnerabilities by June 3, 2026, in accordance with Binding Operational Directive (BOD) 22-01, which aims to reduce the significant risk of known exploited vulnerabilities.

Key Points:
– CISA added several severe vulnerabilities in Microsoft and Adobe products to its KEV catalog.
– These include remote code execution and elevation of privilege flaws in Windows, Internet Explorer, Defender, and Adobe Acrobat.
– Federal agencies are now required to address these vulnerabilities by June 3, 2026.
– Experts emphasize the importance of addressing these vulnerabilities to prevent exploitation in current cyberattacks.
– The vulnerabilities vary in severity, with some rated a critical 9.8 on the CVSS scale.