
CISA Urges Action on Critical Microsoft, WinRAR Vulnerabilities by September 2, 2025

CISA's directive targets long-known, exploited vulnerabilities. Private organizations should act now to protect against potential attacks.



The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for federal agencies to address critical vulnerabilities in Microsoft 365, Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR by September 2, 2025. The move comes after the agency added these flaws to its Known Exploited Vulnerabilities catalog.

CISA has identified several vulnerabilities that pose significant risks. These include CVE-2013-3893 in Microsoft 365 Internet Explorer, exploited in 2013's Operation DeputyDog, and CVE-2007-0671 in Microsoft Office Excel, used in zero-day attacks against various Excel versions. Notably, CVE-2025-8088 in WinRAR was exploited recently to deliver RomCom malware via phishing attacks.

Private organizations are urged to review CISA's catalog and address these vulnerabilities in their infrastructure. The National Cyber Security Centre (NCSC) of the Netherlands recently informed ESET researchers about the WinRAR vulnerability, highlighting the ongoing threat.

Federal agencies must comply with CISA's directive and fix the vulnerabilities by the given deadline. Private organizations are advised to follow suit to protect against potential attacks exploiting these flaws. Timely action is crucial to mitigate the risks associated with these known vulnerabilities.
