The US cybersecurity company CISA on Thursday introduced closing 10 Emergency Directives issued between 2019 and 2024.
The retired directives, CISA says, have achieved their mission to mitigate pressing and imminent dangers to federal businesses.
“Since their issuance, CISA has partnered carefully with federal businesses to drive remediation, embed greatest practices and overcome systemic challenges – establishing a stronger, extra resilient digital infrastructure for a safer America,” the company notes.
For 3 of the closed CISA Emergency Directives, particularly ‘ED 19-01: Mitigate DNS Infrastructure Tampering’, ‘ED 21-01: Mitigate SolarWinds Orion Code Compromise’, and ‘ED 24-02: Mitigating the Important Threat from Nation-State Compromise of Microsoft Company E-mail System’, targets have been achieved, rendering the directives out of date, CISA says.
The remaining seven directives, particularly ED 20-02, ED 20-03, ED 20-04, ED 21-02, ED 21-03, ED 21-04, and ED 22-03, instructed federal businesses to deal with vulnerabilities in Microsoft, Pulse Join, and VMware merchandise.
The focused flaws included a Home windows bug reported by the NSA, a wormable Home windows DNS server defect, the notorious Zerologon vulnerability, Alternate zero-days exploited by Chinese language hackers, a Home windows Print Spooler difficulty exploited by Russian hackers, and two VMware flaws exploited since 2022.Commercial. Scroll to proceed studying.
One of many directives, issued in 2021, targets 4 Pulse Join Safe vulnerabilities, together with CVE-2021-22893 (exploited alongside CVE-2020-8243 and CVE-2021-22894), and CVE-2021-22900.
All focused vulnerabilities at the moment are in CISA’s Identified Exploited Vulnerabilities (KEV) catalog and the required actions are outlined in Binding Operational Directive (BOD) 22-01, which mandates that federal businesses resolve flaws added to KEV inside weeks.
“The closure of those ten Emergency Directives displays CISA’s dedication to operational collaboration throughout the federal enterprise. Wanting forward, CISA continues to advance Safe by Design rules – prioritizing transparency, configurability, and interoperability - so each group can higher defend their numerous environments,” CISA Performing Director Madhu Gottumukkala mentioned.
Associated: CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries
Associated: CISA Warns of Exploited Flaw in Asus Replace Software
Associated: CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Assault
Associated: CISA Confirms Exploitation of Latest Oracle Identification Supervisor Vulnerability
