“These vulnerabilities pose an unacceptable risk to federal network security,” US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said in a statement.
The “emergency directive” from CISA gives agencies five days to either update the vulnerable software or remove it from their networks. The directive does not apply to the Pentagon computer networks, which are not under CISA’s jurisdiction.
The vulnerabilities are in a type of software made by VMware, a California-based technology giant whose products are widely used in the US government.
VMware on April 6 issued a fix for the software flaws, which could allow hackers