• CISA : Install Windows March 2025 Updates until April 1 or shut down PC.


    #2756427

    https://www.cisa.gov/known-exploited-vulnerabilities-catalog

    Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due Date: 2025-04-01

    * For all 6 exploited vulnerabilities.

    Moderator’s Note: Edited topic title to correct typo in agency’s abbreviated name.

    • #2756468

      Apple iOS, iPadOS, macOS – DITTO

      1 user thanked author for this post.
    • #2757204

      Contrary to the implication in Alex’s quote, this CISA page lists known vulnerabilities, not some new, “must fix now”, world ending vulnerability.

      TL;DR, don’t panic.

      cheers, Paul

      • #2757208

        Contrary to the implication in Alex’s quote, this CISA page lists known vulnerabilities,

        known exploited vulnerabilities

        not some new, “must fix now”, world ending vulnerability.

        Federal agencies are required to fix within two weeks, and all other organizations are strongly encouraged to do so:

        All federal civilian executive branch (FCEB) agencies are required to remediate vulnerabilities in the KEV catalog within prescribed timeframes under Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities. Although not bound by BOD 22-01, every organization, including those in state, local, tribal, and territorial (SLTT) governments and private industry can significantly strengthen their security and resilience posture by prioritizing the remediation of the vulnerabilities listed in the KEV catalog as well. CISA strongly recommends all stakeholders include a requirement to immediately address KEV catalog vulnerabilities as part of their vulnerability management plan. Doing so will build collective resilience across the cybersecurity community.

        Reducing the Significant Risk of Known Exploited Vulnerabilities
