<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Arial",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:359087018;
mso-list-type:hybrid;
mso-list-template-ids:1012968910 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1186945450;
mso-list-template-ids:723965336;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1650985905;
mso-list-type:hybrid;
mso-list-template-ids:2033996368 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:1692948430;
mso-list-template-ids:-1747310802;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Good morning.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Please see the below advisory from MS-ISAC regarding a multitude of vulnerabilities in Microsoft products. Recommendations include the following:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">• Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">• Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">• Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">• Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">It is critical that all patches and releases be applied. MVECA support staff have been activitly working to address all vulnerabilities on hosted systems and servers. Please let me know if you have questions.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thank you,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thor<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thor Sage<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Executive Director<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Miami Valley Educational Computer Association<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">937-767-1468 x3101<o:p></o:p></span></p>
<p class="MsoNormal"><a href="http://www.mveca.org/"><span style="color:#1F497D;text-decoration:none"><img border="0" width="174" height="64" style="width:1.8125in;height:.6666in" id="_x0000_i1033" src="cid:image006.jpg@01D7157E.B2AEED30" alt="http://www.mveca.org/images/logo.gif"></span></a><span style="color:#1F497D">
</span><a href="https://www.linkedin.com/company/mveca/"><span style="color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1032" src="cid:image007.jpg@01D7157E.B2AEED30" alt="i"></span></a><a href="https://twitter.com/mvecarcog"><span style="color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1031" src="cid:image008.jpg@01D7157E.B2AEED30" alt="t"></span></a><a href="https://www.facebook.com/MVECA-707401659416692/"><span style="color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1030" src="cid:image009.jpg@01D7157E.B2AEED30" alt="f"></span></a><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="color:#1F497D">Not-for-profit Technology Services for Education and Local Governments<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> MS-ISAC Advisory <MS-ISAC.Advisory@msisac.org> <br>
<b>Sent:</b> Tuesday, March 9, 2021 2:20 PM<br>
<b>To:</b> Michael Aliperti <Michael.Aliperti@cisecurity.org><br>
<b>Subject:</b> MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, March 09, 2021 - PATCH: NOW - TLP: WHITE<br>
<b>Importance:</b> High<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Arial",sans-serif">TLP: WHITE</span></b><o:p></o:p></p>
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Arial",sans-serif">MS-ISAC CYBERSECURITY ADVISORY</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">MS-ISAC ADVISORY NUMBER:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">2021-032</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">DATE(S) ISSUED:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">03/09/2021</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">SUBJECT:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Critical Patches Issued for Microsoft Products, March 09, 2021</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">OVERVIEW:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities
could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users
whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">THREAT INTELLIGENCE:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">There are reports of two vulnerabilities observed being exploited in the wild (CVE-2021-27077 and CVE-2021-26411). CVE-2021-27077 is an Windows Win32k elevation of privilege vulnerability which
allowed an attacker to escalate their privileges. CVE-2021-26411 is an Internet Explorer memory corruption vulnerability which would allow an attacker to run malicious code on the affected system when a user visited a specially crafted HTMl file. Proof-of-concept
code is available for both of these CVEs.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">SYSTEMS AFFECTED:</span></b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Application Virtualization</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Azure</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Azure DevOps</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Azure Sphere</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Internet Explorer</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft ActiveX</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Exchange Server</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Edge (Chromium-based)</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Graphics Component</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Office</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Office Excel</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Office PowerPoint</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Office SharePoint</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Office Visio</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Microsoft Windows Codecs Library</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Power BI</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Role: DNS Server</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Role: Hyper-V</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Visual Studio</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Visual Studio Code</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Admin Center</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Container Execution Agent</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows DirectX</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Error Reporting</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Event Tracing</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Extensible Firmware Interface</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Folder Redirection</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Installer</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Media</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Overlay Filter</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Print Spooler Components</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Projected File System Filter Driver</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Registry</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Remote Access API</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Storage Spaces Controller</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Update Assistant</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Update Stack</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows UPnP Device Host</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows User Profile Service</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows WalletService</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo1"><span style="font-family:"Arial",sans-serif">Windows Win32K</span><o:p></o:p></li></ul>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">RISK:</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Government:</span></b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l3 level1 lfo2"><span style="font-family:"Arial",sans-serif">Large and medium government entities: <b>High</b></span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l3 level1 lfo2"><span style="font-family:"Arial",sans-serif">Small government entities: <b>Medium</b></span><o:p></o:p></li></ul>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Businesses:</span></b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">Large and medium business entities: <b>High</b></span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">Small business entities: <b>Medium</b></span><o:p></o:p></li></ul>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Home users: Low</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">TECHNICAL SUMMARY:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">A full list of all vulnerabilities can be found at the link below:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://msrc.microsoft.com/update-guide/en-us">https://msrc.microsoft.com/update-guide/en-us</a>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with
the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative
user rights.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">RECOMMENDATIONS:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">We recommend the following actions be taken:</span><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo4"><span style="font-family:"Arial",sans-serif">Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo4"><span style="font-family:"Arial",sans-serif">Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo4"><span style="font-family:"Arial",sans-serif">Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo4"><span style="font-family:"Arial",sans-serif">Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo4"><span style="font-family:"Arial",sans-serif">Apply the Principle of Least Privilege to all systems and services.</span><o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">REFERENCES:</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Microsoft:</span></b><o:p></o:p></p>
<p class="MsoNormal"><a name="_Hlk42601747"></a><a href="https://portal.msrc.microsoft.com/en-us/security-guidance"><span style="mso-bookmark:_Hlk42601747"><span style="font-family:"Arial",sans-serif">https://portal.msrc.microsoft.com/en-us/security-guidance</span></span><span style="mso-bookmark:_Hlk42601747"></span></a><span style="mso-bookmark:_Hlk42601747"></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar">https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">BleepingComputer:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/">https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">24x7 Security Operations Center<br>
Multi-State Information Sharing and Analysis Center (MS-ISAC)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)<br>
31 Tech Valley Drive<br>
East Greenbush, NY 12061<br>
</span><a href="mailto:SOC@cisecurity.org"><span style="font-family:"Arial",sans-serif">SOC@cisecurity.org</span></a><span style="font-family:"Arial",sans-serif"> - 1-866-787-4722</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><img border="0" width="278" height="47" style="width:2.8958in;height:.4895in" id="Picture_x0020_1" src="cid:image001.jpg@01D714EF.0D8F18A0" alt="cid:image013.jpg@01D6E8EF.4DA5FD40"></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> <img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_2" src="cid:image002.png@01D714EF.0D8F18A0" alt="cid:image014.png@01D6E8EF.4DA5FD40"> <img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_3" src="cid:image003.png@01D714EF.0D8F18A0" alt="cid:image015.png@01D6E8EF.4DA5FD40"> <img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_4" src="cid:image004.png@01D714EF.0D8F18A0" alt="cid:image016.png@01D6E8EF.4DA5FD40"> <img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_5" src="cid:image005.png@01D714EF.0D8F18A0" alt="cid:image017.png@01D6E8EF.4DA5FD40"></span><o:p></o:p></p>
<p class="MsoNormal" align="center" style="text-align:center;text-autospace:none">
<b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Arial",sans-serif">TLP: WHITE</span></b><o:p></o:p></p>
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Arial",sans-serif">Disclosure is not limited. Subject to standard copyright rules, TLP: WHITE information may be distributed without restriction.<br>
</span></b><a href="http://www.us-cert.gov/tlp/"><b><span style="font-family:"Arial",sans-serif;text-decoration:none">http://www.us-cert.gov/tlp/</span></b></a><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution
or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
<br>
<br>
. . . . .<o:p></o:p></span></p>
</div>
</body>
</html>