The U.S. Cybersecurity and Infrastructure Security Agency has issued an urgent directive requiring federal agencies to patch a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within four days. The flaw is already being exploited in active zero-day attacks.
CISA's emergency order underscores the critical nature of the vulnerability affecting Ivanti's EPMM platform, a widely deployed mobile device management solution used across government agencies and enterprises.
The vulnerability allows attackers to gain unauthorized access to systems without requiring prior authentication. This capability makes the flaw particularly dangerous, as adversaries can exploit it to infiltrate networks and establish persistence before defenders detect the intrusion.
What Federal Agencies Must Do
Agencies have until the four-day deadline to apply patches or implement mitigations to secure their EPMM deployments. CISA has not disclosed whether patches are currently available or if temporary workarounds are recommended pending a full fix.
The tight timeline reflects the severity of active exploitation. Zero-day vulnerabilities—flaws unknown to the vendor before public disclosure—typically trigger the most aggressive response protocols because attackers have a head start.
Broader Impact
The vulnerability extends beyond federal systems. Private sector organizations using Ivanti EPMM face similar risks. Ivanti has not yet released a public statement detailing the scope of affected versions or available patches, though CISA's guidance may force faster disclosure.
This incident continues a pattern of critical vulnerabilities in widely used enterprise software. Mobile device management platforms represent high-value targets because they control access to sensitive corporate and government data across thousands of endpoints.
Next Steps
Organizations relying on Ivanti EPMM should immediately check CISA's advisories and Ivanti's security bulletins for patch availability and technical details. Those unable to patch within the timeline should isolate affected systems or restrict access until remediation is complete.
Federal agencies must document their remediation efforts to demonstrate compliance with CISA's directive.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.