CISA has ordered federal agencies patch bugs in software from Cisco, Microsoft, Adobe, Oracle and more.