[Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE

Thu Mar 26 11:30:28 EDT 2020

Yes Anne.  We believe that at 80% and the reduced number of absolute changes to be made, we would be able to get the server converted in 1-2 weeks. We are all chatting now trying to break up the tasks to complete as quickly as possible.

I am very concerned about the impression the computer center has on our ability to maintain a valid system and the security risks we are causing. It does not bode well for Pansophy or SRF.

From: E. Anne McEwen <mcewen at jlab.org>
Sent: Thursday, March 26, 2020 11:27 AM
To: Valerie Bookwalter <bookwalt at jlab.org>
Cc: Tony Reilly <areilly at jlab.org>
Subject: RE: [Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE

Hi Valerie

I based my response on what was discussed last fall - however am happy to clarify this with Katherine to make it more clear

So will let her know that 80% of your time (you and Megan for 1-2 weeks) - could you confirm ?

Thanks Anne

From: Valerie Bookwalter <bookwalt at jlab.org<mailto:bookwalt at jlab.org>>
Sent: Thursday, March 26, 2020 11:24 AM
To: E. Anne McEwen <mcewen at jlab.org<mailto:mcewen at jlab.org>>
Cc: Tony Reilly <areilly at jlab.org<mailto:areilly at jlab.org>>
Subject: RE: [Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE

Anne,

At this point 25% and 50% would not be enough to complete in a reasonable time.
I guess I'm asking for 80% of all our time for the next week. We have reduced the mandatory changes that need to be done versus what changes can be made when the new server is in place. We can minimize the sql/security changes needed prior to upgrading and concentrate on those changes that prevent everyone from working. Since we are still locked behind the firewall we can wait for those changes to be made.

Also, Megan has had 0% time to work on this upgrade and Mike may have had 10%. The projects are consuming all the time they can.

And upgrading this servers means testing and validating 3200 files. It requires a block of time to complete each task. I'm sure you encounter this when you are doing the "business management" projects. It is very easy to lose your place and remember where you were in your changes so as not to duplicate effort or type in the wrong data.

Please advise.

Thank You

Valerie

From: E. Anne McEwen <mcewen at jlab.org<mailto:mcewen at jlab.org>>
Sent: Thursday, March 26, 2020 11:01 AM
To: Valerie Bookwalter <bookwalt at jlab.org<mailto:bookwalt at jlab.org>>
Cc: Tony Reilly <areilly at jlab.org<mailto:areilly at jlab.org>>
Subject: FW: [Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE

Hi Valerie

FYI-    Just wanted to let you know that Katherine wanted to know how much of your and Megan's time is needed for the server upgrade - my response to her is below

I have also asked to be invited to the SNS PPU SOTR meeting in future (Katherine said not a problem)

Best - Anne

From: E. Anne McEwen
Sent: Thursday, March 26, 2020 10:33 AM
To: Katherine Wilson <kwilson at jlab.org<mailto:kwilson at jlab.org>>; Ed Daly <edaly at JLAB.ORG<mailto:edaly at JLAB.ORG>>
Subject: RE: [Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE

At the start of this year , Valerie requested 50% of Valerie and 25% of Megan + 25% of Mike Dickey for the server & SW upgrades

This has been a big job - but very important to get it done

Thanks for your understanding

Anne

From: Katherine Wilson <kwilson at jlab.org<mailto:kwilson at jlab.org>>
Sent: Thursday, March 26, 2020 9:33 AM
To: E. Anne McEwen <mcewen at jlab.org<mailto:mcewen at jlab.org>>; Ed Daly <edaly at jlab.org<mailto:edaly at jlab.org>>
Subject: RE: [Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE

Anne, can you estimate how much of Valerie/Megan's time is needed for the server upgrade?

Thanks,
Katherine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200326/fec14bd5/attachment-0001.html>