Security News

Cybersecurity news aggregator

CRITICAL Vulnerabilities The Register Security

Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum

CISA has added four actively exploited Microsoft vulnerabilities to its KEV catalog, including a 14-year-old Visual Basic for Applications flaw (CVE-2012-1854) and an Exchange Server bug (CVE-2023-21529, CVSS 8.8) used by the Storm-1175 group for initial access and Medusa ransomware deployment. The other two are Windows privilege escalation flaws (CVE-2025-60710 and CVE-2023-36424, both CVSS 7.8). Federal agencies are mandated to patch by April 27, 2026, and all organizations should prioritize applying the relevant updates for their specific affected Windows and Exchange Server versions.

One was patched almost 14 years ago

Jessica Lyons, Mon 13 Apr 2026 // 21:35 UTC

Crooks are exploiting four Microsoft vulnerabilities - one patched 14 years ago and another tied to ransomware activity - according to America's lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them.

The four vulnerabilities added to CISA's Known Exploited Vulnerabilities (KEV) catalog on Monday are:

- CVE-2025-60710, a link-following vulnerability in Windows that allows privilege escalation. After initially disclosing this bug in November 2025, Redmond fully fixed it a month later.
- CVE-2023-36424, a Windows Common Log File System Driver flaw that allows privilege escalation. Microsoft patched this one in November 2023.
- CVE-2023-21529, a deserialization of untrusted data issue in Microsoft Exchange Server that allows an authenticated attacker to achieve remote code execution (RCE). Redmond disclosed and patched the bug in February 2023. Just last week, Microsoft's threat hunters warned that a financially motivated crime crew tracked as Storm-1175 is exploiting this Exchange bug, plus 15 others, to gain initial access to organizations before ultimately stealing their data and deploying Medusa ransomware in extortion attacks.
- CVE-2012-1854, an insecure library loading vulnerability in Microsoft Visual Basic for Applications that allows RCE. Microsoft pushed a security fix for this one in July 2012, and then a second software update in November 2012 that fully patched the flaw. At the time, Redmond said it was "aware of limited, targeted attacks attempting to exploit the vulnerability." This means a flaw first exploited almost 14 years ago is still turning up in active attacks today.
We've reached out to Microsoft for more details about the scope of exploitation, and who is attacking these four CVEs, and will update this story if we receive any response to our inquiries.

CISA lists ransomware use for all four as "unknown," although according to Redmond, at least one of them (CVE-2023-21529) has been abused for this type of attack.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned in adding the bugs to its catalog, and set an April 27 deadline for all federal agencies to apply patches.

Also on Monday, CISA added two Adobe bugs, a use-after-free vuln in Acrobat tracked as CVE-2020-9715, and a prototype pollution flaw tracked as CVE-2026-34621 that affected both Adobe Acrobat and Reader, to the KEV. The latter had been exploited as a zero-day for months, and Adobe finally released a patch over the weekend.