CISO Intelligence: Critical Vulnerabilities Demand Action - February 12, 2026
CISO Intelligence: Critical Vulnerabilities Demand Immediate Action
Three critical vulnerabilities are being actively exploited, with federal agencies under deadline pressure to patch by February 13th. Meanwhile, Fortinet's 24th appearance on the CISA KEV list raises serious questions about vendor security practices.
Microsoft Office Zero-Day Bypasses Security Features
CVE-2026-21509 represents the worst kind of vulnerability: actively exploited with complex mitigation requirements. The emergency patch released January 27th addresses a security feature bypass in Office 2016-365 where malicious files can circumvent OLE protections.
What makes this critical: Attackers are already using this in the wild, and the mitigation isn't just "install the patch"—it requires specific registry modifications across your entire Office deployment.
CISO Action: Emergency patch deployment with registry modifications. No workarounds available.
Fortinet's Recurring Zero-Day Problem
CVE-2026-24858 marks Fortinet's 24th appearance on CISA's Known Exploited Vulnerabilities catalog—a troubling pattern for a vendor protecting critical infrastructure. This authentication bypass (CVSS 9.8) affects FortiOS, FortiManager, and FortiAnalyzer, allowing complete SSO bypasses.
The scope is staggering: Approximately 10,000 FortiCloud SSO instances globally, with 25% US-based. Attackers are reconfiguring firewalls and creating unauthorized administrative accounts.
This is the 14th Coalition zero-day advisory for Fortinet in four years. At what point do we acknowledge a systemic security engineering problem?
CISO Action: Immediate audit of all Fortinet deployments. Consider vendor diversification strategies.
VMware vCenter Under Federal Deadline
CVE-2024-37079 in VMware vCenter Server enables remote code execution via heap overflow in DCERPC. CISA has confirmed active exploitation and mandated federal agencies patch by February 13th.
No workarounds exist. This is patch-or-risk-compromise.
CISO Action: Emergency patching of all vCenter instances before February 13th. Coordinate with infrastructure teams now.
The Enterprise Vendor Trust Problem
Today's threat landscape exposes a fundamental problem: we're building critical infrastructure on vendors with systemic security weaknesses. When a single vendor accumulates 24 entries on CISA's exploit list, that's not random chance—it's a pattern.
Strategic recommendation: Diversify your security vendor portfolio. Single points of failure in cybersecurity architecture create single points of exploitation for adversaries.
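One way to track both the per-vendor KEV counts and the patch deadlines discussed above is to join the KEV feed against an asset inventory. This is an added example, not part of the original briefing. The excerpt uses the field names of CISA's KEV JSON feed, but the inventory, host names, placeholder entry and every due date except the February 13th vCenter deadline are constructed.

```python
import json
from collections import Counter
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed. Only the three
# CVE IDs and the 2026-02-13 vCenter deadline come from the briefing; the
# other due dates and the CVE-0000-0001 placeholder are made up.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-21509", "vendorProject": "Microsoft",
   "product": "Office", "dueDate": "2026-02-16"},
  {"cveID": "CVE-2026-24858", "vendorProject": "Fortinet",
   "product": "FortiOS", "dueDate": "2026-02-10"},
  {"cveID": "CVE-2024-37079", "vendorProject": "VMware",
   "product": "vCenter Server", "dueDate": "2026-02-13"},
  {"cveID": "CVE-0000-0001", "vendorProject": "Fortinet",
   "product": "FortiManager", "dueDate": "2025-06-01"}
]}
""")

# Hypothetical inventory: (vendor, product) -> hosts running it.
INVENTORY = {
    ("fortinet", "fortios"): ["fw-edge-01", "fw-edge-02"],
    ("vmware", "vcenter server"): ["vc-prod-01"],
}
AS_OF = date(2026, 2, 12)  # date of the briefing

def vendor_counts(kev):
    """Number of KEV entries per vendor, the metric behind the '24th entry' argument."""
    return Counter(v["vendorProject"] for v in kev["vulnerabilities"])

def triage(kev, inventory, today, soon_days=3):
    """KEV entries that match deployed products, most urgent first."""
    rows = []
    for v in kev["vulnerabilities"]:
        hosts = inventory.get((v["vendorProject"].lower(), v["product"].lower()))
        if not hosts:
            continue  # product not deployed here, nothing to patch
        days_left = (date.fromisoformat(v["dueDate"]) - today).days
        status = ("OVERDUE" if days_left < 0
                  else "DUE SOON" if days_left <= soon_days else "OPEN")
        rows.append((days_left, v["cveID"], status, hosts))
    return sorted(rows, key=lambda r: r[0])

if __name__ == "__main__":
    print(vendor_counts(KEV_SAMPLE).most_common())
    for days_left, cve, status, hosts in triage(KEV_SAMPLE, INVENTORY, AS_OF):
        print(f"{status:8} {cve} ({days_left:+d}d) -> {', '.join(hosts)}")
```

In production the matching would key on normalized product identifiers from your CMDB rather than lower-cased names, since the feed's vendor and product strings do not always match inventory naming.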
---
Jonathan Care has 33 years in cybersecurity and fraud detection. These are his personal views, not those of his employer.

