CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
Summary
Hide ▲
Show ▼
CERT-In published new guidance on May 25 urging Indian organizations to patch actively exploited internet-facing vulnerabilities within 12 hours, tightening response expectations for exposed systems. The blueprint links the change to AI-assisted reconnaissance, vulnerability discovery, phishing and malware development, which shortens the defender window. It also tells organizations to prioritize KEVs and EPSS over severity scores alone when deciding what to fix first. Where no patch exists, the guidance recommends interim controls such as isolation, access restriction or WAF protection.
Related Happenings
CISA BOD 26-04 three-day remediation directive
Public Sector Action
H score36
First: 24.06.2026 17:35
Last: 24.06.2026 17:35
Sources 1
About this happening:
CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
CISA BOD 26-04 three-day remediation directive
Public Sector ActionAbout this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
CERT-In 12-hour KEV remediation guidance
Advisory/Mitigation
H score39
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
How related:
CERT-In set an indicative 12-hour expectation for containing or remediating known exploited vulnerabilities (KEVs) on "internet-facing and crown-jewel systems."
About this happening:
CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In 12-hour KEV remediation guidance
Advisory/MitigationHow related: CERT-In set an indicative 12-hour expectation for containing or remediating known exploited vulnerabilities (KEVs) on "internet-facing and crown-jewel systems."
About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...
CERT-In issues rapid patching guidelines for internet-facing systems
Public Sector Action
H score38
First: 26.05.2026 12:13
Last: 26.05.2026 12:13
Sources 1
About this happening:
**CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...
CERT-In issues rapid patching guidelines for internet-facing systems
Public Sector ActionAbout this happening: **CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
H score44
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
ICO releases five-step AI cyber guidance
Public Sector Action
H score18
First: 14.05.2026 12:00
Last: 14.05.2026 12:00
Sources 1
About this happening:
The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
ICO releases five-step AI cyber guidance
Public Sector ActionAbout this happening: The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
Timeline
-
26.05.2026 13:30 2 articles · 1mo ago
Initial report: CERT-In issues 12-hour patch guidance for Indian organizations
Initial DisclosureOn **May 25**, **CERT-In** released a blueprint that sets an indicative **12-hour** remediation target for known exploited vulnerabilities on exposed systems. It pairs that timetable with AI-focused security controls and existing incident-reporting expectations for organizations in India.
Show sources
- India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws — www.infosecurity-magazine.com — 26.05.2026 13:30
- India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws — www.infosecurity-magazine.com — 26.05.2026 13:30