【Vulnerability Alert】CISA Adds Two Known Exploited Vulnerabilities to the KEV Catalog (2026/01/05–2026/01/11)

Publish date: 2026-01-23; update date: 2026-01-23

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2026011302011616
Publication Time: 2026/01/13 14:38
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/01/13 14:38
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Adds Two Known Exploited Vulnerabilities to the KEV Catalog (2026/01/05–2026/01/11)

[Content]
Forwarded from TWCERTCC-200-202601-00000006

【CVE-2009-0556】Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)

【Whether Ransomware Exploitation Occurred: Unknown】 A code injection vulnerability exists in Microsoft Office PowerPoint. Remote attackers can trigger memory corruption by using a PowerPoint file containing an OutlineTextRefAtom with invalid index values, thereby executing arbitrary code.

【CVE-2025-37164】Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)

【Whether Ransomware Exploitation Occurred: Unknown】 A code injection vulnerability exists in Hewlett Packard Enterprise (HPE) OneView, allowing unauthenticated remote users to perform remote code execution.

(Information Sharing Level: WHITE (Information content can be publicly disclosed))

[Affected Platform]
【CVE-2009-0556】Please refer to the affected versions listed by the official source:

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】Please refer to the affected versions listed by the official source:

https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

[Recommended Actions]
【CVE-2009-0556】The vendor has released a patch for this vulnerability. Please update to the relevant versions:

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】The vendor has released a patch for this vulnerability. Please update to the relevant versions:

https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center