CISA orders agencies to patch exploited ConnectWise ScreenConnect and Windows flaws

CISA has added two actively exploited vulnerabilities in ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities catalog. The move gives U.S. federal civilian agencies until May 12, 2026, to apply fixes or mitigations. The two flaws are CVE-2024-1708, a ConnectWise ScreenConnect path traversal vulnerability, and CVE-2026-32202, a Microsoft Windows Shell protection mechanism failure. […] The post CISA orders agencies to patch exploited ConnectWise ScreenConnect and Windows flaws appeared first on VPN Central.