Federal agencies have been ordered to patch their Linux servers against PwnKit within three weeks. The most astounding part is that it remained hidden for over 12 years since pkexec’s first release. Successful exploitation of the flaw could induce pkexec to execute arbitrary code. Organizations are recommended to prioritize timely remediation of the issues in order to mitigate any potential risk of exposure to cyberattacks.