<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Georgia;
        panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:Consolas;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
        {mso-style-name:x_msonormal;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
p.xmsolistparagraph, li.xmsolistparagraph, div.xmsolistparagraph
        {mso-style-name:x_msolistparagraph;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
p.xmsonormal0, li.xmsonormal0, div.xmsonormal0
        {mso-style-name:x_msonormal0;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
p.xcodestyle, li.xcodestyle, div.xcodestyle
        {mso-style-name:x_codestyle;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Georgia",serif;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
        {mso-style-name:x_msochpdefault;
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Times New Roman",serif;}
span.xmsohyperlink
        {mso-style-name:x_msohyperlink;
        color:blue;
        text-decoration:underline;}
span.xmsohyperlinkfollowed
        {mso-style-name:x_msohyperlinkfollowed;
        color:purple;
        text-decoration:underline;}
span.xhtmlpreformattedchar
        {mso-style-name:x_htmlpreformattedchar;
        font-family:Consolas;}
span.xcodestylechar
        {mso-style-name:x_codestylechar;
        font-family:"Georgia",serif;}
span.xemailstyle24
        {mso-style-name:x_emailstyle24;
        font-family:"Calibri",sans-serif;
        color:windowtext;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
span.xemailstyle25
        {mso-style-name:x_emailstyle25;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.xemailstyle26
        {mso-style-name:x_emailstyle26;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.EmailStyle33
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Valerie, this is great news! I very much appreciate the time, effort, and thought that you have put into this. This will put your software and the overall Lab
 cyber posture in a better place, and I know it means work for you and your group.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Bobby will also reply with actual helpful details – I just wanted to say thank you! I’m excited for the next steps.
</span><span style="font-size:11.0pt;font-family:Wingdings;color:#1F497D">J</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">- Kari<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Valerie Bookwalter <bookwalt@jlab.org>
<br>
<b>Sent:</b> Tuesday, April 14, 2020 1:36 PM<br>
<b>To:</b> Kari Heffner <heffner@jlab.org><br>
<b>Cc:</b> Bobby Lawrence <robertl@jlab.org>; E. Anne McEwen <mcewen@jlab.org>; Tony Reilly <areilly@jlab.org>; pansophy <pansophy@jlab.org><br>
<b>Subject:</b> Re: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Kari / Bobby,</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">The Pansophy Team has been working on getting our software updated. We are close to being ready to convert. We should be ready by Friday.</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">So, what steps do I need to take to prepare for the server conversion?</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">We are working on pansophydev-2018.jlab.org CF2018.</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">We are utilizing github so we will have to clone the new repository.</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">I would like to upgrade our development server first to make sure we understand all the steps that need to be taken (pansophydev.jlab.org). Test and then upgrade the production
 server (pansophy.jlab.org).</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">We had to create a new virtual server for this version of CF. There were several people involved to put all the pieces in place. </span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Will you let me know how I should proceed to request this upgrade and an estimate of time-frame to complete so that I can inform my supervisors and we can prepare our users for
 the upgrade?</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Thank You.</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Valerie (Pansophy Team)</span><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Kari Heffner <<a href="mailto:heffner@jlab.org">heffner@jlab.org</a>><br>
<b>Sent:</b> Tuesday, March 24, 2020 5:38 PM<br>
<b>To:</b> Valerie Bookwalter <<a href="mailto:bookwalt@jlab.org">bookwalt@jlab.org</a>><br>
<b>Cc:</b> Bobby Lawrence <<a href="mailto:robertl@jlab.org">robertl@jlab.org</a>><br>
<b>Subject:</b> FW: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xmsonormal">Valerie, see the below for important security updates for the pansophy ColdFusion server. There are no updates for CF10 and so you need to be on a supported version of CF. In order to get your servers updated, bobby needs to get you all
 to the new server version he installed a while ago. When do you think that can happen?<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal">Thanks!<o:p></o:p></p>
<p class="xmsonormal">Kari<o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Bobby Lawrence <<a href="mailto:robertl@jlab.org">robertl@jlab.org</a>>
<br>
<b>Sent:</b> Tuesday, March 24, 2020 4:54 PM<br>
<b>To:</b> Kari Heffner <<a href="mailto:heffner@jlab.org">heffner@jlab.org</a>>; Dana Cochran <<a href="mailto:cochran@jlab.org">cochran@jlab.org</a>><br>
<b>Subject:</b> FW: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal"> <o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Looks like we have CF updates to do.  I just logged into miswebvm1 and there is an update available to apply</span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Greg Nowicki <<a href="mailto:gnowicki@jlab.org">gnowicki@jlab.org</a>>
<br>
<b>Sent:</b> Tuesday, March 24, 2020 4:50 PM<br>
<b>To:</b> Bobby Lawrence <<a href="mailto:robertl@jlab.org">robertl@jlab.org</a>><br>
<b>Cc:</b> David Sheppard <<a href="mailto:sheppard@jlab.org">sheppard@jlab.org</a>>;
<a href="mailto:secops@jlab.org">secops@jlab.org</a>; <a href="mailto:seclog@jlab.org">
seclog@jlab.org</a><br>
<b>Subject:</b> Fw: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black">FYI. Looks like we have some serious vulnerabilities in ColdFusion.</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black">Greg</span><o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:black"> </span><o:p></o:p></p>
</div>
<div style="margin-left:.5in">
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="98%" align="center">
</div>
</div>
<div id="x_divRplyFwdMsg">
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> MS-ISAC Advisory <<a href="mailto:MS-ISAC.Advisory@msisac.org">MS-ISAC.Advisory@msisac.org</a>><br>
<b>Sent:</b> Wednesday, March 18, 2020 21:49<br>
<b>To:</b> Thomas Duffy <<a href="mailto:Thomas.Duffy@cisecurity.org">Thomas.Duffy@cisecurity.org</a>><br>
<b>Subject:</b> [EXTERNAL] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE</span>
<o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">TLP: WHITE</span></b><o:p></o:p></p>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">MS-ISAC CYBERSECURITY ADVISORY</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">MS-ISAC ADVISORY NUMBER:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">2020-039</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">DATE(S) ISSUED:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">03/18/2020</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">SUBJECT:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">OVERVIEW:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Adobe Photoshop, ColdFusion, and Bridge that could allow for arbitrary code execution. Adobe Photoshop
 is a graphics editor program. Adobe Bridge is a file management application that manages files across multiple Adobe programs. Adobe ColdFusion is a rapid web-application development platform used to create and maintain web applications. Successful exploitation
 of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create
 new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">THREAT INTELLIGENCE:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">There are no reports of these vulnerabilities being exploited in the wild.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">SYSTEMS AFFECTED:</span></b><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">        
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe Bridge version 10.0 and earlier versions</span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">        
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe ColdFusion 2016 Update 13 and earlier versions</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe ColdFusion 2018 Update 7 and earlier versions</span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">        
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe Photoshop CC 2019 version 20.0.8 and earlier versions</span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">        
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Adobe Photoshop 2020 version 21.1 and earlier versions</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">RISK:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Government:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Large and medium government entities:
<b>High</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Small government entities:
<b>Medium</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Businesses:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Large and medium business entities:
<b>High</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Small business entities:
<b>Medium</b></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Home users: Low</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">TECHNICAL SUMMARY:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Adobe Photoshop, ColdFusion, and Bridge that could allow for arbitrary code execution. The vulnerabilities
 are as follows:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsolistparagraph" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:11.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">        
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Out-of-bounds write vulnerability could allow for Arbitrary Code Execution. (CVE-2020-9551)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Heap-based buffer overflow vulnerability could allow for Arbitrary Code Execution. (CVE-2020-9552)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Remote file read vulnerability could allow for Arbitrary File Read from the ColdFusion install directory. (CVE-2020-3761)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">File inclusion vulnerability could allow for Arbitrary Code Execution of files located in the webroot or its subdirectory (CVE-2020-3794)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Heap corruption vulnerability that could allow for Arbitrary Code Execution. (CVE-2020-3783)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Memory corruption vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2020-3790)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Out-of-bounds read vulnerabilities that could allow for Information Disclosure. (CVE-2020-3771, CVE-2020-3777, CVE-2020-3778, CVE-2020-3781, CVE-2020-3782, CVE-2020-3791)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Out-of-bounds write vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3773, CVE-2020-3779)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Multiple Buffer errors vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3770, CVE-2020-3772, CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3780)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending
 on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted
 than those who operate with administrative user rights.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">RECOMMENDATIONS:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">We recommend the following actions be taken:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Install updates provided by Adobe and related Coldfusion JDK/JRE versions immediately after appropriate testing.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Remind users not to visit websites or follow links provided by unknown or untrusted sources.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in;text-indent:-.25in"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt">      
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif">Apply the Principle of Least Privilege to all systems and services.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">REFERENCES:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">ADOBE:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8L4VaFdWBML2rV7ll5Prvn-Ln1YNGftY5mc3JZGy1AQ&e=">https://helpx.adobe.com/security.html</a>
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_bridge_apsb20-2D17.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=gz5y_UMZu6dh-mpYEHeqyJCYMojsx6CUqESdq3ICobk&e=">https://helpx.adobe.com/security/products/bridge/apsb20-17.html</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_coldfusion_apsb20-2D16.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=QVHvwCuB-h-oFtN0a9Qj0y8-osjlOOjC1D9AX_RFt8o&e=">https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_photoshop_apsb20-2D14.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=SGbb-4HsGR6HZYhh6ia9QlvUHVFUqqiITCNWAURdDxU&e=">https://helpx.adobe.com/security/products/photoshop/apsb20-14.html</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif">CVE:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3761&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=GFNcPCmgiVNGfLU2ZRQqyZNRQhfRy7ZfzbXMflN6U-0&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3761</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3770&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=KwWSmgI0CB1PcuGE2f0l08FTg1TKzrIkZ6OEZWPXDYk&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3770</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3771&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=P1bfT5UbNLbqB8HExhu0oQZm7eRk6ELRP3kkDhgp4kY&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3771</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3772&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8Fjuv3Y4FCHe2CiLCsbe-IE0H6MStlQoknbv6L_7Y7Q&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3772</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3773&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=LLxmvx25QJxvD0DY-1VFFQvP-Mfe2W2hFhHfoxWZ78Q&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3773</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3774&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=5meBk8mvpV3zSXN49pAv3Cg8rVmJBjabay4uLZUuOfU&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3774</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3775&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=wK9ELuhpGKU-GzpmwkyzYapd2iE2qwPGZ85gvVid4zQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3775</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3776&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=OG66tOQI0EX6_fm6R8Y1uhwRzCaxx3N9E55heCf1tbo&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3776</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3777&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=bDtEI37fzBqOVt3_eOVCm6eem83aXQVe1NF0hDAQWE0&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3777</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3778&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=n6Z0WNu9nRpiFySoKGoarswPH7ggZJvXiYDjtHXPMmw&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3778</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3779&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=G3SS3YmyofAwxkC7tP6NFhdZEcgOzOv02cpA46cqy7k&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3779</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3780&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=m-eSXj2o1_vLJnNegnN-F3UozUJhm75vdGz1X1a8eKo&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3780</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3781&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=-4XHeIsMOrxgQZx1bOgzfVv7UY434eHn-vNx4E7rw2g&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3781</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3782&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=qlh6vHVWrDV4Gwo2_HH0dl5OPWfTSxhPhudJ1KTT2Eo&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3782</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3783&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=_AE2zZN6UtUdQiSr493rGA0bj9z-aiKegD8HiPlh9po&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3783</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3784&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=L7ZfjWVAi-VqxJEMDPOfJFEEwgOgYLk0FppXyhhOcpM&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3784</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3785&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=bXrSK6Jz-XXFod04wR8fPcr9el9qlDVM51smbs31cAI&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3785</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3786&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=jsqumk0Es9iAnTO6wSyO0IyMOcxRnnwa-TkzbfDER3w&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3786</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3787&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=W90p9yO0EPzMP08p9GR93BEGUkdNRWHWbmTQS7C5BcQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3787</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3788&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=UdUAlpjJ0-eQxF76yxa-UdPC2SFXulrjEbCtabhsodY&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3788</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3789&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=u2paLgtvtlJRRAA6gXJaAaCZtN6ILoBcr7HYCleP4d8&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3789</a>
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3790&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=LUPJ3GTw1Yw6BglFEK3nPNXXvMTi4mG8AAq6z5ghKsQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3790</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3791&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=jyj-SUl2JHz1lSyZI3etRro716Ur23Vg7L9hSS2FURI&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3791</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3794&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=RHpI2Rfl7cU3Fp23TYQuRqhRUgjXz5fIL8Qonu1kvXQ&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3794</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D9551&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=F7QCfETGEHTi3ZIqg1OwwZF6CZlOdj457mvm0gYHndc&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9551</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D9552&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8EgkLfA8VKgFO1UHRo5-DFNHoJAKyKScp7nC9ULtDTA&e=">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9552</a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">24×7 Security Operations Center</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">Multi-State Information Sharing and Analysis Center (MS-ISAC)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">31 Tech Valley Drive</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">East Greenbush, NY 12061</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black"><a href="mailto:SOC@cisecurity.org"><span style="color:#954F72">SOC@cisecurity.org</span></a> - 1-866-787-4722
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"><img border="0" width="313" height="53" style="width:3.2638in;height:.5555in" id="x_Picture_x0020_11" src="cid:image001.jpg@01D61263.3FB001D0" alt="cid:image001.jpg@01D40C67.01A3BDE0"></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_CenterforIntSec_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=E_x3D_2BAVbE2Rf8feq2NgaceAjBx01bX9YZJLovbc4&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.243in;height:.25in" id="x_Picture_x0020_10" src="cid:image002.png@01D61263.3FB001D0" alt="cid:image002.png@01D291DE.F838E090"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_CISecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=lFdse_-DieTBN9Jwgw7eZVSq7MxI0eFI4MkWOItW2vI&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.243in;height:.25in" id="x_Picture_x0020_9" src="cid:image003.png@01D61263.3FB001D0" alt="cid:image003.png@01D291DE.F838E090"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_user_TheCISecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=3PL2tQmINgFo33iwlKosj2RhzRCFJnZwUMYX4Jbuo-A&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.243in;height:.25in" id="x_Picture_x0020_8" src="cid:image004.png@01D61263.3FB001D0" alt="cid:image004.png@01D291DE.F838E090"></span></a><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_the-2Dcenter-2Dfor-2Dinternet-2Dsecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=KrO7lzwBzM3k4BhinlHzCilRM2mC-n1G5aMKKO68JJM&e="><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.243in;height:.25in" id="x_Picture_x0020_7" src="cid:image005.png@01D61263.3FB001D0" alt="cid:image005.png@01D291DE.F838E090"></span></a></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">TLP: WHITE</span></b><o:p></o:p></p>
<p class="xmsonormal" align="center" style="margin-left:.5in;text-align:center"><b><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:black">Disclosure is not limited. Subject to standard copyright rules, TLP: WHITE information may be distributed
 without restriction.</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span><o:p></o:p></p>
</div>
<p class="xmsonormal" style="margin-left:.5in">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments
 is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
<br>
<br>
. . . . . <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>