<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Arial",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:271668123;
mso-list-type:hybrid;
mso-list-template-ids:1801746966 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:359087018;
mso-list-type:hybrid;
mso-list-template-ids:1012968910 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:580605032;
mso-list-type:hybrid;
mso-list-template-ids:-640410410 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:1085109420;
mso-list-type:hybrid;
mso-list-template-ids:-1968022600 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4
{mso-list-id:1907377490;
mso-list-type:hybrid;
mso-list-template-ids:367197452 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Sorry for the multiple emails. Please find the additional advisory for Microsoft products below.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thor<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">Thor Sage<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Executive Director<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Miami Valley Educational Computer Association<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">937-767-1468 x3101<o:p></o:p></span></p>
<p class="MsoNormal"><a href="http://www.mveca.org/"><span style="color:#1F497D;text-decoration:none"><img border="0" width="174" height="64" style="width:1.8125in;height:.6666in" id="_x0000_i1033" src="cid:image006.jpg@01D73101.50B29C50" alt="http://www.mveca.org/images/logo.gif"></span></a><span style="color:#1F497D">
</span><a href="https://www.linkedin.com/company/mveca/"><span style="color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1032" src="cid:image007.jpg@01D73101.50B29C50" alt="i"></span></a><a href="https://twitter.com/mvecarcog"><span style="color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1031" src="cid:image008.jpg@01D73101.50B29C50" alt="t"></span></a><a href="https://www.facebook.com/MVECA-707401659416692/"><span style="color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1030" src="cid:image009.jpg@01D73101.50B29C50" alt="f"></span></a><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="color:#1F497D">Not-for-profit Technology Services for Education and Local Governments<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> MS-ISAC Advisory <MS-ISAC.Advisory@msisac.org> <br>
<b>Sent:</b> Tuesday, April 13, 2021 9:42 PM<br>
<b>To:</b> Michael Aliperti <Michael.Aliperti@cisecurity.org><br>
<b>Subject:</b> UPDATED - MS-ISAC CYBERSECURITY ADVISORY - Critical Patches Issued for Microsoft Products, April 13, 2021 - PATCH: NOW - TLP: WHITE<br>
<b>Importance:</b> High<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">TLP: WHITE</span></strong><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">MS-ISAC CYBERSECURITY ADVISORY</span></strong><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">MS-ISAC ADVISORY NUMBER:</span></strong><span style="font-family:"Arial",sans-serif"><br>
2021-046 - <b>UPDATED</b></span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">DATE(S) ISSUED:</span></strong><span style="font-family:"Arial",sans-serif"><br>
04/13/2021 - <b>UPDATED</b></span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">SUBJECT:</span></strong><span style="font-family:"Arial",sans-serif"><br>
<b>UPDATED</b> - Critical Patches Issued for Microsoft Products, April 13, 2021</span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">OVERVIEW:</span></strong><span style="font-family:"Arial",sans-serif"><br>
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install
programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<strong><span style="font-family:"Arial",sans-serif">THREAT INTELLIGENCE:</span></strong><span style="font-family:"Arial",sans-serif"><br>
There are no reports of these vulnerabilities being exploited in the wild.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<b><i><span style="font-family:"Arial",sans-serif">April 13 – UPDATED THREAT INTELLIGENCE:</span></i></b><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<b><i><span style="font-family:"Arial",sans-serif">The following CVEs were disclosed publicly but are not known to be exploited in the wild:</span></i></b><o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo1">
<b><i><span style="font-family:"Arial",sans-serif">CVE-2021-27091 - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability</span></i></b><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo1">
<b><i><span style="font-family:"Arial",sans-serif">CVE-2021-28312 - Windows NTFS Denial of Service Vulnerability</span></i></b><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo1">
<b><i><span style="font-family:"Arial",sans-serif">CVE-2021-28437 - Windows Installer Information Disclosure Vulnerability – PolarBear</span></i></b><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo1">
<b><i><span style="font-family:"Arial",sans-serif">CVE-2021-28458 - Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability</span></i></b><o:p></o:p></li></ul>
<p><b><i><span style="font-family:"Arial",sans-serif">CVE-2021-28310 (Win32k Elevation of Privilege Vulnerability) was discovered by Kaspersky and they are reporting that this vulnerability is possibly being exploited by the BITTER APT group.</span></i></b><o:p></o:p></p>
<p><strong><span style="font-family:"Arial",sans-serif">SYSTEMS AFFECTED:</span></strong><o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Azure AD Web Sign-in</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Azure DevOps</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Azure Sphere</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Edge (Chromium-based)</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Exchange Server</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Graphics Component</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Internet Messaging API</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft NTFS</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Office Excel</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Office Outlook</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Office SharePoint</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Office Word</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Windows Codecs Library</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Microsoft Windows Speech</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Open Source Software</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Role: DNS Server</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Role: Hyper-V</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Visual Studio</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Visual Studio Code</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Visual Studio Code - GitHub Pull Requests and Issues Extension</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Visual Studio Code - Kubernetes Tools</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Visual Studio Code - Maven for Java Extension</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Application Compatibility Cache</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows AppX Deployment Extensions</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Console Driver</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Diagnostic Hub</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Early Launch Antimalware Driver</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows ELAM</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Event Tracing</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Installer</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Kernel</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Media Player</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Network File System</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Overlay Filter</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Portmapping</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Registry</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Remote Procedure Call Runtime</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Resource Manager</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Secure Kernel Mode</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Services and Controller App</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows SMB Server</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows TCP/IP</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo2">
<span style="font-family:"Arial",sans-serif">Windows Win32K</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo2"><span style="font-family:"Arial",sans-serif">Windows WLAN Auto Config Service</span><o:p></o:p></li></ul>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNoSpacing"><strong><span style="font-family:"Arial",sans-serif">RISK:</span></strong><b><span style="font-family:"Arial",sans-serif"><br>
<span style="color:black">Government:</span></span></b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l4 level1 lfo3"><span style="font-family:"Arial",sans-serif">Large and medium government entities:<b> High</b></span><o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l4 level1 lfo3"><span style="font-family:"Arial",sans-serif">Small government entities: <b>Medium</b></span><o:p></o:p></li></ul>
<p class="MsoNoSpacing"><b><span style="font-family:"Arial",sans-serif;color:black">Businesses:</span></b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo4"><span style="font-family:"Arial",sans-serif">Large and medium business entities: <b>High</b></span><o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l2 level1 lfo4"><span style="font-family:"Arial",sans-serif">Small business entities: <b>Medium</b></span><o:p></o:p></li></ul>
<p class="MsoNoSpacing"><b><span style="font-family:"Arial",sans-serif;color:black">Home users: Low</span></b><o:p></o:p></p>
<p class="MsoNoSpacing"><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">TECHNICAL SUMMARY:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for arbitrary code execution.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">A full list of all vulnerabilities can be found at the link below:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="https://msrc.microsoft.com/update-guide/en-us">https://msrc.microsoft.com/update-guide/en-us</a>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with
the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative
user rights.</span><o:p></o:p></p>
<p class="MsoNormal"><strong><span style="font-family:"Calibri",sans-serif"> </span></strong><o:p></o:p></p>
<p class="MsoNormal"><strong><span style="font-family:"Arial",sans-serif">RECOMMENDATIONS:</span></strong><span style="font-family:"Arial",sans-serif"><br>
We recommend the following actions be taken:</span><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif">Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif">Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif">Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif">Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif">Apply the Principle of Least Privilege to all systems and services.</span><o:p></o:p></li></ul>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt">
<span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><strong><span style="font-family:"Arial",sans-serif">REFERENCES:</span></strong><span style="font-family:"Arial",sans-serif"><br>
<strong><span style="font-family:"Arial",sans-serif">Microsoft:</span></strong></span><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif"><a href="https://msrc.microsoft.com/update-guide">https://msrc.microsoft.com/update-guide</a></span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo5"><span style="font-family:"Arial",sans-serif"><a href="https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr">https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr</a></span><o:p></o:p></li></ul>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><i><span style="font-family:"Arial",sans-serif">April 13 – UPDATED REFERENCES:</span></i></b><o:p></o:p></p>
<p class="MsoNormal"><b><i><span style="font-family:"Arial",sans-serif">Bleeping Computer:</span></i></b><o:p></o:p></p>
<p class="MsoNormal"><b><i><span style="font-family:"Arial",sans-serif"><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2021-patch-tuesday-fixes-108-flaws-5-zero-days/">https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2021-patch-tuesday-fixes-108-flaws-5-zero-days/</a></span></i></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;background:white">
<strong><span style="font-family:"Arial",sans-serif;color:#091E42">TLP: WHITE</span></strong><span style="font-family:"Arial",sans-serif;color:#091E42"><br>
</span><span style="font-family:"Arial",sans-serif"><a href="https://www.cisa.gov/tlp"><span style="color:windowtext">https://www.cisa.gov/tlp</span></a></span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;background:white">
<span style="font-family:"Arial",sans-serif">Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information
may be distributed without restriction.<br>
<br>
Please send all opt out requests to <a href="mailto:info@msisac.org"><span style="color:windowtext">info@msisac.org</span></a>.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:9.0pt;margin-right:0in;margin-bottom:0in;margin-left:0in;margin-bottom:.0001pt;background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-thickness: initial;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-family:"Arial",sans-serif">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments
is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:black">24×7 Security Operations Center</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:black">Multi-State Information Sharing and Analysis Center (MS-ISAC)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:black">Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:black">31 Tech Valley Drive</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:black">East Greenbush, NY 12061</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="mailto:SOC@cisecurity.org"><span style="color:#954F72">SOC@cisecurity.org</span></a><span style="color:black"> - 1-866-787-4722</span></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><img border="0" width="278" height="46" style="width:2.8958in;height:.4791in" id="Picture_x0020_1" src="cid:image001.jpg@01D730AD.CE3B30A0" alt="cid:image001.jpg@01D40C67.01A3BDE0"></span><o:p></o:p></p>
<p class="MsoNormal"><a href="https://www.facebook.com/CenterforIntSec/"><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2395in;height:.25in" id="Picture_x0020_2" src="cid:image002.png@01D730AD.CE3B30A0" alt="cid:image002.png@01D291DE.F838E090"></span></a><a href="https://twitter.com/CISecurity/"><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2395in;height:.25in" id="Picture_x0020_3" src="cid:image003.png@01D730AD.CE3B30A0" alt="cid:image003.png@01D291DE.F838E090"></span></a><span style="font-family:"Arial",sans-serif"> </span><a href="https://www.youtube.com/user/TheCISecurity/"><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2395in;height:.25in" id="Picture_x0020_4" src="cid:image004.png@01D730AD.CE3B30A0" alt="cid:image004.png@01D291DE.F838E090"></span></a><span style="font-family:"Arial",sans-serif"> </span><a href="https://www.linkedin.com/company/the-center-for-internet-security/"><span style="font-family:"Arial",sans-serif;color:windowtext;text-decoration:none"><img border="0" width="23" height="24" style="width:.2395in;height:.25in" id="Picture_x0020_5" src="cid:image005.png@01D730AD.CE3B30A0" alt="cid:image005.png@01D291DE.F838E090"></span></a><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution
or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
<br>
<br>
. . . . .<o:p></o:p></span></p>
</div>
</body>
</html>