While BOD 22-01 applies specifically to federal agencies, CISA “strongly recommends” that all organizations treat KEV-listed vulnerabilities as high-priority patching targets. The catalog tracks flaws with confirmed active exploitation, making them significantly more likely to be weaponized against a broader range of targets.
How to patch
Cisco said organizations should check for signs of potential compromise on all internet-accessible instances after applying mitigations. The company advised administrators to review system logs and configurations for any unauthorized changes or suspicious activity that may indicate prior exploitation.
For organizations unable to immediately upgrade to fixed releases, the company said version-specific patch files offer an interim remediation option. However, Cisco noted that patches must match the exact software version running on the system, and administrators should verify compatibility before deployment.



