Active exploitation of old Microsoft bugs prompts CISA catalog inclusion

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include four old Microsoft security issues, reports The Register.

The oldest of the flaws is the insecure library loading defect in Microsoft Visual Basic for Applications, tracked as CVE-2012-1854, which could be weaponized to achieve remote code execution. Meanwhile, the Microsoft Exchange Server deserialization of untrusted data bug, tracked as CVE-2023-21529, was added to the CISA list after being leveraged by Chinese financially motivated threat operation Storm-1175 to spread the Medusa ransomware. CISA has also added the Windows link-following flaw, tracked as CVE-2025-60710, and the Windows Common Log File System Driver issue, tracked as CVE-2023-36424, both of which could facilitate privilege escalation.

Also added to the KEV catalog were a pair of Adobe vulnerabilities: CVE-2020-9715, which impacts Acrobat, and CVE-2026-34621, which impacts both Acrobat and Reader. Federal civilian executive branch agencies should address all of these security issues by Apr. 27.
