<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Consolas;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsolistparagraph, li.xmsolistparagraph, div.xmsolistparagraph
{mso-style-name:x_msolistparagraph;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonormal0, li.xmsonormal0, div.xmsonormal0
{mso-style-name:x_msonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xcodestyle, li.xcodestyle, div.xcodestyle
{mso-style-name:x_codestyle;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Georgia",serif;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
{mso-style-name:x_msochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
span.xmsohyperlink
{mso-style-name:x_msohyperlink;
color:blue;
text-decoration:underline;}
span.xmsohyperlinkfollowed
{mso-style-name:x_msohyperlinkfollowed;
color:purple;
text-decoration:underline;}
span.xhtmlpreformattedchar
{mso-style-name:x_htmlpreformattedchar;
font-family:Consolas;}
span.xcodestylechar
{mso-style-name:x_codestylechar;
font-family:"Georgia",serif;}
span.xemailstyle24
{mso-style-name:x_emailstyle24;
font-family:"Calibri",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.xemailstyle25
{mso-style-name:x_emailstyle25;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle26
{mso-style-name:x_emailstyle26;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle33
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Tony / Anne,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The computer center is on our case about getting our server updated. The web certificate problem was not the only problem with our servers. The code is not supported
and no updates are available. The Java is many revisions behind. I understand that we are trying to help everyone to be productive during this time but we need to be able to have some dedicated time to get these server issues fixed. We can do some bouncing
around but the more disruptions the harder it is to complete a single task. Digging into this code and following the logic takes some concentrated time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Please advise as to how to proceed and/or speak to the computer center.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thank you for your support.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Valerie<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Pansophy <pansophy-bounces@jlab.org>
<b>On Behalf Of </b>Valerie Bookwalter<br>
<b>Sent:</b> Wednesday, March 25, 2020 9:09 AM<br>
<b>To:</b> Kari Heffner <heffner@jlab.org>; Bobby Lawrence <robertl@jlab.org><br>
<b>Cc:</b> pansophy <pansophy@jlab.org><br>
<b>Subject:</b> Re: [Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Kari,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">This has been a real struggle/problem for me with my supervisors for the last 18 months. Support for the LCLS-II and CM refurbish (high energy reach) projects have been made a priority
and all other work was put on hold. Last fall I finally got an ok to start the transitions but the projects had to remain priority #1. When work on SNSPPU and L2HE started it just compounded the situation.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">The good news (about COVID-19) is that all those projects have been put on hold, except for what can be done online (traveler / procedure writing). I am currently working on the
modifications that need to be made to make the new CF2018 server live. I am hoping by the end of next week I can have the most pressing problems dealt with so we can convert. Afterwards we can then concentrate on the security holes in our system.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">I apologize that this is taking so long and I am working on it.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Thank You for your support.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Valerie<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Kari Heffner <<a href="mailto:heffner@jlab.org">heffner@jlab.org</a>><br>
<b>Sent:</b> Tuesday, March 24, 2020 5:38 PM<br>
<b>To:</b> Valerie Bookwalter <<a href="mailto:bookwalt@jlab.org">bookwalt@jlab.org</a>><br>
<b>Cc:</b> Bobby Lawrence <<a href="mailto:robertl@jlab.org">robertl@jlab.org</a>><br>
<b>Subject:</b> FW: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xmsonormal">Valerie, see the below for important security updates for the pansophy ColdFusion server. There are no updates for CF10 and so you need to be on a supported version of CF. In order to get your servers updated, bobby needs to get you all
to the new server version he installed a while ago. When do you think that can happen?<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">Thanks!<o:p></o:p></p>
<p class="xmsonormal">Kari<o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Bobby Lawrence <<a href="mailto:robertl@jlab.org">robertl@jlab.org</a>>
<br>
<b>Sent:</b> Tuesday, March 24, 2020 4:54 PM<br>
<b>To:</b> Kari Heffner <<a href="mailto:heffner@jlab.org">heffner@jlab.org</a>>; Dana Cochran <<a href="mailto:cochran@jlab.org">cochran@jlab.org</a>><br>
<b>Subject:</b> FW: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Looks like we have CF updates to do. I just logged into miswebvm1 and there is an update available to apply</span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Greg Nowicki <<a href="mailto:gnowicki@jlab.org">gnowicki@jlab.org</a>>
<br>
<b>Sent:</b> Tuesday, March 24, 2020 4:50 PM<br>
<b>To:</b> Bobby Lawrence <<a href="mailto:robertl@jlab.org">robertl@jlab.org</a>><br>
<b>Cc:</b> David Sheppard <<a href="mailto:sheppard@jlab.org">sheppard@jlab.org</a>>;
<a href="mailto:secops@jlab.org">secops@jlab.org</a>; <a href="mailto:seclog@jlab.org">
seclog@jlab.org</a><br>
<b>Subject:</b> Fw: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black">FYI. Looks like we have some serious vulnerabilities in ColdFusion.</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black">Greg</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div style="margin-left:.5in">
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="98%" align="center">
</div>
</div>
<div id="x_divRplyFwdMsg">
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> MS-ISAC Advisory <<a href="mailto:MS-ISAC.Advisory@msisac.org">MS-ISAC.Advisory@msisac.org</a>><br>
<b>Sent:</b> Wednesday, March 18, 2020 21:49<br>
<b>To:</b> Thomas Duffy <<a href="mailto:Thomas.Duffy@cisecurity.org">Thomas.Duffy@cisecurity.org</a>><br>
<b>Subject:</b> [EXTERNAL] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span>
<o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">TLP: WHITE</span></b><o:p></o:p></p>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">MS-ISAC CYBERSECURITY ADVISORY</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">MS-ISAC ADVISORY NUMBER:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">2020-039</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">DATE(S) ISSUED:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">03/18/2020</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">SUBJECT:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">OVERVIEW:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Adobe Photoshop, ColdFusion, and Bridge that could allow for arbitrary code execution. Adobe Photoshop
is a graphics editor program. Adobe Bridge is a file management application that manages files across multiple Adobe programs. Adobe ColdFusion is a rapid web-application development platform used to create and maintain web applications. Successful exploitation
of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">THREAT INTELLIGENCE:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">There are no reports of these vulnerabilities being exploited in the wild.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">SYSTEMS AFFECTED:</span></b><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe Bridge version 10.0 and earlier versions</span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe ColdFusion 2016 Update 13 and earlier versions</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe ColdFusion 2018 Update 7 and earlier versions</span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe Photoshop CC 2019 version 20.0.8 and earlier versions</span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe Photoshop 2020 version 21.1 and earlier versions</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">RISK:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Government:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Large and medium government entities:
<b>High</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Small government entities:
<b>Medium</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Businesses:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Large and medium business entities:
<b>High</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Small business entities:
<b>Medium</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Home users: Low</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">TECHNICAL SUMMARY:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Adobe Photoshop, ColdFusion, and Bridge that could allow for arbitrary code execution. The vulnerabilities
are as follows:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Out-of-bounds write vulnerability could allow for Arbitrary Code Execution. (CVE-2020-9551)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Heap-based buffer overflow vulnerability could allow for Arbitrary Code Execution. (CVE-2020-9552)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Remote file read vulnerability could allow for Arbitrary File Read from the ColdFusion install directory. (CVE-2020-3761)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">File inclusion vulnerability could allow for Arbitrary Code Execution of files located in the webroot or its subdirectory (CVE-2020-3794)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Heap corruption vulnerability that could allow for Arbitrary Code Execution. (CVE-2020-3783)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Memory corruption vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2020-3790)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Out-of-bounds read vulnerabilities that could allow for Information Disclosure. (CVE-2020-3771, CVE-2020-3777, CVE-2020-3778, CVE-2020-3781, CVE-2020-3782, CVE-2020-3791)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Out-of-bounds write vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3773, CVE-2020-3779)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Buffer errors vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3770, CVE-2020-3772, CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3780)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending
on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted
than those who operate with administrative user rights.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">RECOMMENDATIONS:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">We recommend the following actions be taken:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Install updates provided by Adobe and related Coldfusion JDK/JRE versions immediately after appropriate testing.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Remind users not to visit websites or follow links provided by unknown or untrusted sources.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Apply the Principle of Least Privilege to all systems and services.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">REFERENCES:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">ADOBE:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8L4VaFdWBML2rV7ll5Prvn-Ln1YNGftY5mc3JZGy1AQ&e=">https://helpx.adobe.com/security.html</a>
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_bridge_apsb20-2D17.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=gz5y_UMZu6dh-mpYEHeqyJCYMojsx6CUqESdq3ICobk&e=">https://helpx.adobe.com/security/products/bridge/apsb20-17.html</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_coldfusion_apsb20-2D16.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=QVHvwCuB-h-oFtN0a9Qj0y8-osjlOOjC1D9AX_RFt8o&e=">https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_photoshop_apsb20-2D14.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=SGbb-4HsGR6HZYhh6ia9QlvUHVFUqqiITCNWAURdDxU&e=">https://helpx.adobe.com/security/products/photoshop/apsb20-14.html</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">CVE:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3761&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=GFNcPCmgiVNGfLU2ZRQqyZNRQhfRy7ZfzbXMflN6U-0&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3761</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3770&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=KwWSmgI0CB1PcuGE2f0l08FTg1TKzrIkZ6OEZWPXDYk&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3770</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3771&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=P1bfT5UbNLbqB8HExhu0oQZm7eRk6ELRP3kkDhgp4kY&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3771</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3772&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8Fjuv3Y4FCHe2CiLCsbe-IE0H6MStlQoknbv6L_7Y7Q&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3772</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3773&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=LLxmvx25QJxvD0DY-1VFFQvP-Mfe2W2hFhHfoxWZ78Q&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3773</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3774&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=5meBk8mvpV3zSXN49pAv3Cg8rVmJBjabay4uLZUuOfU&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3774</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3775&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=wK9ELuhpGKU-GzpmwkyzYapd2iE2qwPGZ85gvVid4zQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3775</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3776&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=OG66tOQI0EX6_fm6R8Y1uhwRzCaxx3N9E55heCf1tbo&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3776</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3777&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=bDtEI37fzBqOVt3_eOVCm6eem83aXQVe1NF0hDAQWE0&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3777</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3778&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=n6Z0WNu9nRpiFySoKGoarswPH7ggZJvXiYDjtHXPMmw&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3778</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3779&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=G3SS3YmyofAwxkC7tP6NFhdZEcgOzOv02cpA46cqy7k&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3779</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3780&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=m-eSXj2o1_vLJnNegnN-F3UozUJhm75vdGz1X1a8eKo&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3780</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3781&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=-4XHeIsMOrxgQZx1bOgzfVv7UY434eHn-vNx4E7rw2g&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3781</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3782&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=qlh6vHVWrDV4Gwo2_HH0dl5OPWfTSxhPhudJ1KTT2Eo&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3782</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3783&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=_AE2zZN6UtUdQiSr493rGA0bj9z-aiKegD8HiPlh9po&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3783</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3784&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=L7ZfjWVAi-VqxJEMDPOfJFEEwgOgYLk0FppXyhhOcpM&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3784</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3785&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=bXrSK6Jz-XXFod04wR8fPcr9el9qlDVM51smbs31cAI&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3785</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3786&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=jsqumk0Es9iAnTO6wSyO0IyMOcxRnnwa-TkzbfDER3w&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3786</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3787&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=W90p9yO0EPzMP08p9GR93BEGUkdNRWHWbmTQS7C5BcQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3787</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3788&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=UdUAlpjJ0-eQxF76yxa-UdPC2SFXulrjEbCtabhsodY&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3788</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3789&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=u2paLgtvtlJRRAA6gXJaAaCZtN6ILoBcr7HYCleP4d8&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3789</a>
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3790&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=LUPJ3GTw1Yw6BglFEK3nPNXXvMTi4mG8AAq6z5ghKsQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3790</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3791&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=jyj-SUl2JHz1lSyZI3etRro716Ur23Vg7L9hSS2FURI&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3791</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3794&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=RHpI2Rfl7cU3Fp23TYQuRqhRUgjXz5fIL8Qonu1kvXQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3794</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D9551&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=F7QCfETGEHTi3ZIqg1OwwZF6CZlOdj457mvm0gYHndc&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9551</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D9552&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8EgkLfA8VKgFO1UHRo5-DFNHoJAKyKScp7nC9ULtDTA&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9552</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">24×7 Security Operations Center</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">Multi-State Information Sharing and Analysis Center (MS-ISAC)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">31 Tech Valley Drive</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">East Greenbush, NY 12061</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><a href="mailto:SOC@cisecurity.org"><span style="color:#954F72">SOC@cisecurity.org</span></a> - 1-866-787-4722
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><img border="0" width="313" height="53" style="width:3.2583in;height:.55in" id="x_Picture_x0020_11" src="cid:image001.jpg@01D5FD6D.61EC8210" alt="cid:image001.jpg@01D40C67.01A3BDE0"></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_CenterforIntSec_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=E_x3D_2BAVbE2Rf8feq2NgaceAjBx01bX9YZJLovbc4&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2416in;height:.25in" id="x_Picture_x0020_10" src="cid:image002.png@01D5FD6D.61EC8210" alt="cid:image002.png@01D291DE.F838E090"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_CISecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=lFdse_-DieTBN9Jwgw7eZVSq7MxI0eFI4MkWOItW2vI&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2416in;height:.25in" id="x_Picture_x0020_9" src="cid:image003.png@01D5FD6D.61EC8210" alt="cid:image003.png@01D291DE.F838E090"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_user_TheCISecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=3PL2tQmINgFo33iwlKosj2RhzRCFJnZwUMYX4Jbuo-A&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2416in;height:.25in" id="x_Picture_x0020_8" src="cid:image004.png@01D5FD6D.61EC8210" alt="cid:image004.png@01D291DE.F838E090"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_the-2Dcenter-2Dfor-2Dinternet-2Dsecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=KrO7lzwBzM3k4BhinlHzCilRM2mC-n1G5aMKKO68JJM&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2416in;height:.25in" id="x_Picture_x0020_7" src="cid:image005.png@01D5FD6D.61EC8210" alt="cid:image005.png@01D291DE.F838E090"></span></a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">TLP: WHITE</span></b><o:p></o:p></p>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">Disclosure is not limited. Subject to standard copyright rules, TLP: WHITE information may be distributed
without restriction.</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
</div>
<p class="xmsonormal" style="margin-left:.5in">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments
is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
<br>
<br>
. . . . . <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>