Plenty to keep the security team busy: the US cybersecurity authority is urging everyone to patch a number of software flaws, including some older ones in Microsoft's Silverlight plug-in and Adobe Flash Player.
There's a chance Silverlight may still be floating around government systems as internal legacy applications or websites. Silverlight applications, for example, will still work in IE Mode in modern Edge.
CISA's latest updates to its known exploited vulnerabilities catalog include Flash flaws disclosed in 2016 and 2015 and Silverlight flaws dating back to 2013. The updates also include older flaws affecting WhatsApp, Kaseya, Mozilla Firefox, Apple's iOS, and Google Chrome.
There are also a number of Windows flaws disclosed between 2015 and 2018, several Internet Explorer bugs from 2014, a Linux kernel privilege escalation flaw from 2014, and several Oracle Java remote code execution bugs dating back to 2010.
One of the newer 'must patch' bugs disclosed in 2022 affected Cisco's IOS XR software (CVE-2022-20821). Cisco disclosed it last week and gave it a medium severity rating, noting it was aware of "attempted exploitation" of it in the wild in May.
Regardless of the age of most of the bugs, CISA notes that "these types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise."