CISA Adds Seven Known Exploited Vulnerabilities to KEV Catalog Following Active Exploitation Activity

Threat Summary

Category: CISA Alert / Known Exploited Vulnerabilities
Features: Active exploitation, legacy Microsoft vulnerabilities, Adobe exploitation risk, Microsoft Defender privilege escalation, denial-of-service exposure
Delivery Method: Remote exploitation, malicious documents, exploit chains, phishing activity
Threat Actor: Multiple cyber threat actors, malware operators, ransomware affiliates, opportunistic attackers

---

CISA has added seven additional vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog following evidence confirming active exploitation activity affecting Microsoft Windows, Microsoft Internet Explorer, Microsoft Defender, Microsoft DirectX, and Adobe Acrobat and Reader environments.

The newly added vulnerabilities include:

• CVE-2008-4250 — Microsoft Windows Buffer Overflow Vulnerability
• CVE-2009-1537 — Microsoft DirectX NULL Byte Overwrite Vulnerability
• CVE-2009-3459 — Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
• CVE-2010-0249 — Microsoft Internet Explorer Use-After-Free Vulnerability
• CVE-2010-0806 — Microsoft Internet Explorer Use-After-Free Vulnerability
• CVE-2026-41091 — Microsoft Defender Elevation of Privilege Vulnerability
• CVE-2026-45498 — Microsoft Defender Denial of Service Vulnerability

---

Core Narrative

According to CISA, the vulnerabilities were added to the KEV Catalog based on evidence of active exploitation activity targeting affected systems.

Several of the vulnerabilities involve older Microsoft and Adobe software components historically associated with exploit kits, malicious document delivery, browser compromise activity, and malware deployment campaigns.

The addition of two Microsoft Defender vulnerabilities also highlights the growing focus attackers place on endpoint protection infrastructure capable of providing elevated access opportunities or operational disruption during intrusion activity.

CISA warned that KEV-listed vulnerabilities continue serving as common attack vectors used by malicious cyber actors against government agencies, enterprise environments, and organizations operating outdated or improperly maintained systems.

---

Infrastructure at Risk

• Federal civilian networks
• Enterprise Windows environments
• Legacy Microsoft deployments
• Organizations using outdated Internet Explorer components
• Adobe Acrobat and Reader environments
• Microsoft Defender installations
• Government agencies
• Critical infrastructure networks
• Educational and healthcare systems

---

Policy / Allied Pressure

The KEV additions fall under Binding Operational Directive 22-01, which requires Federal Civilian Executive Branch agencies to remediate vulnerabilities listed within the KEV Catalog by assigned deadlines.

CISA stated the catalog functions as a living operational list of vulnerabilities carrying significant risk to federal infrastructure due to confirmed exploitation activity.

BOD 22-01 formally applies to federal civilian agencies, CISA continues urging all organizations to prioritize remediation of KEV-listed vulnerabilities as part of broader vulnerability management operations.

---

Vendor Defense / Reliance

Microsoft and Adobe previously released security updates addressing several of the older vulnerabilities included in the KEV update.

Organizations are being urged to:

• Apply available security patches
• Remove unsupported software environments
• Review endpoint protection integrity
• Conduct vulnerability scanning
• Monitor for exploitation indicators
• Accelerate remediation timelines for KEV-listed assets

---

Forecast — 30 Days

• Increased scanning for legacy Microsoft vulnerabilities likely
• Older browser exploitation chains may reappear in phishing campaigns
• Additional KEV additions involving legacy systems possible
• Threat actors may continue targeting outdated enterprise infrastructure
• Federal patch compliance pressure expected to increase

---

TRJ Verdict

The latest KEV additions reinforce a continuing cybersecurity reality: vulnerabilities do not disappear simply because they are old.

Many attackers continue targeting legacy software, outdated infrastructure, and delayed patch environments because those systems remain active inside enterprise and government networks years after vulnerabilities were first disclosed.

The addition of both historical Microsoft vulnerabilities and modern Microsoft Defender flaws demonstrates how attackers continue searching for weaknesses across both aging infrastructure and modern defensive systems simultaneously.

Organizations delaying remediation of KEV-listed vulnerabilities continue increasing their exposure to active compromise activity.

---

---

---

---

---

---

---

---

🔥 NOW AVAILABLE! 🔥

‎👉 Eclipsera – Apple Music

---

---

---

---

---