A joint advisory by CISA, urges organizations to implement secure by design practices and prioritize patching known exploited vulnerabilities to reduce risk of compromise.

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), Computer Emergency Response Team New Zealand (CERT NZ) and the United Kingdom’s National Cyber Security Centre (NCSC-UK) recently published an advisory on the common vulnerabilities and exposures (CVEs), to include associated common weakness enumeration (CWE), that were routinely and frequently exploited by malicious actors last year.

The joint Cybersecurity Advisory, titled “2022 Top Routinely Exploited Vulnerabilities,” provides technical background details on the 12 most exploited vulnerabilities and an overview of an additional 30 vulnerabilities often used to compromise organizations, including specific details that organizations can use to identify and mitigate their exposure.

For the first time, this advisory outlines the CWEs associated with these vulnerabilities, which reflects the underlying root causes that led to the exploited vulnerability. In order to reduce the prevalence of common classes of vulnerabilities, this advisory urges technology vendors to implement specific secure by design principles and to ensure that all published CVEs include the proper CWE identifying the root cause of the vulnerability.