<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p><b><span style="font-family:"Arial",sans-serif;color:black">Attn: CoIT Members & Cybersecurity Group (</span></b><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">TLP: </span></b><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#FFC000">AMBER</span></b><b><span style="font-family:"Arial",sans-serif;color:black">) </span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">*Do not forward outside of OSRHE/Higher Ed</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Arial",sans-serif">Forwarding an email from MS-ISAC covering Common Vulnerabilities and Exposures (CVE) associated with Malicious Iranian actors. Recommendation is to review and determine if you are vulnerable to CVE's listed below
an prioritize remediation. </span><o:p></o:p></p>
<p><span style="color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">Chris Kosciuk</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="mailto:ckosciuk@osrhe.edu">ckosciuk@osrhe.edu</a></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">405.225.9440</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><br>
------------------------------------------------------------------------------------------<o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<div>
<div>
<p style="margin-bottom:10.0pt;line-height:115%"><b><span style="font-family:"Arial",sans-serif;color:black">TO:
</span></b><b><span style="font-family:"Arial",sans-serif;color:#212121">All MS-ISAC and EI-ISAC Members</span></b><span style="color:black"><o:p></o:p></span></p>
<p style="margin-bottom:10.0pt;line-height:115%"><b><span style="font-family:"Arial",sans-serif;color:black">DATE: January 10, 2020</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">SUBJECT: List of Common Vulnerabilities and Exposures (CVE) Associated with Malicious Iranian Actors - TLP: </span></b><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#FFC000">AMBER</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="color:black"> <o:p></o:p></span></p>
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<div style="border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in">
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black">Message from CISA below:</span><span style="color:black"><o:p></o:p></span></p>
</div>
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p align="center" style="text-align:center"><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">TLP: </span></b><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#FFC000">AMBER</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> <o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> <o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">The Cybersecurity and Infrastructure Security Agency (CISA) would like to provide the below list of Common Vulnerabilities and Exposures (CVE) Associated with Malicious Iranian Actors to our state
and local partners:</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">• CVE-2018-20250</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">• CVE-2017-11882</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">• CVE-2017-11774</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">• CVE-2017-0199</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">• CVE-2012-0158</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p style="line-height:105%"><span style="font-size:12.0pt;line-height:105%;font-family:"Arial",sans-serif;color:black">These CVEs are known to have been used in cyber attacks by malicious actors affiliated with the Iranian state, based on analysis by a trusted
third party. CISA encourages our SLTT partners to review the list, determine if they are vulnerable to any CVEs, and prioritize the mitigation of those vulnerabilities.</span><span style="font-size:12.0pt;line-height:105%;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p style="line-height:105%"><span style="font-size:12.0pt;line-height:105%;font-family:"Arial",sans-serif;color:black"> </span><span style="font-size:12.0pt;line-height:105%;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p style="line-height:105%"><span style="font-size:12.0pt;line-height:105%;font-family:"Arial",sans-serif;color:black">Due to the sensitive nature of this information,
<u>please do not distribute outside of your organization.</u></span><span style="font-size:12.0pt;line-height:105%;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p style="line-height:105%"><span style="font-size:12.0pt;line-height:105%;font-family:"Arial",sans-serif;color:black"> </span><span style="font-size:12.0pt;line-height:105%;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p style="line-height:105%"><span style="font-size:12.0pt;line-height:105%;font-family:"Times New Roman",serif;color:black"> <o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">As always, to report an intrusion and request resources for incident response or technical assistance, contact CISA (<a href="mailto:CISAservicedesk@cisa.dhs.gov"><span style="color:#0563C1">CISAservicedesk@cisa.dhs.gov</span></a>
or 888-282-0870).</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"> </span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Respectfully,</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">The CISA SLTT Partnerships Team</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> </span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><img border="0" width="157" height="64" style="width:1.6354in;height:.6666in" id="Picture_x0020_2" src="cid:image001.png@01D5C760.A0637C80" alt="CISA Wordmark CMYK 20181115_4 color seal with dk blue text"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> <o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> <o:p></o:p></span></p>
<p align="center" style="text-align:center"><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">TLP: </span></b><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#FFC000">AMBER</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Limited Disclosure, restricted to participants' organizations. Recipients may only share
<b>TLP</b>: </span><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#FFC000">AMBER</span></b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"> information with members of their own organization, and with clients
or customers who need to know the information to protect themselves or prevent further harm.</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><a href="https://smex12-5-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.us%2dcert.gov%2ftlp%2f&umid=e06e4134-3973-45f8-bb9b-559e173b9754&auth=c45bec4b57924095a5e6f7ab44949d6e3d36ad67-2a0323b4f6a172e618b0f9b835003d9c424f2fef"><span style="font-family:"Arial",sans-serif;color:#0563C1">https://www.us-cert.gov/tlp/</span></a><o:p></o:p></span></p>
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<div style="border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in">
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
</div>
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p style="margin-bottom:10.0pt;line-height:115%"><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">24×7 Security Operations Center</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">Multi-State Information Sharing and Analysis Center (MS-ISAC)</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">31 Tech Valley Drive</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">East Greenbush, NY 12061</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="mailto:SOC@cisecurity.org"><span style="color:#0563C1">SOC@cisecurity.org</span></a> - 1-866-787-4722</span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black;background:white"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><img border="0" width="327" height="49" style="width:3.4062in;height:.5104in" id="x_Picture_x0020_10" src="cid:image002.png@01D5C760.A0637C80" alt="MS+EI emailsig@2x">
</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="https://www.facebook.com/CenterforIntSec"><span style="color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="x_Picture_x0020_9" src="cid:image003.png@01D5C760.A0637C80" alt="cid:image002.png@01D291DE.F838E090"></span></a> <a href="https://twitter.com/CISecurity"><span style="color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="x_Picture_x0020_8" src="cid:image004.png@01D5C760.A0637C80" alt="cid:image003.png@01D291DE.F838E090"></span></a> <a href="https://www.youtube.com/user/TheCISecurity"><span style="color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="x_Picture_x0020_7" src="cid:image005.png@01D5C760.A0637C80" alt="cid:image004.png@01D291DE.F838E090"></span></a> <a href="https://www.linkedin.com/company/the-center-for-internet-security"><span style="color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="x_Picture_x0020_6" src="cid:image006.png@01D5C760.A0637C80" alt="cid:image005.png@01D291DE.F838E090"></span></a></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message
and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
<br>
<br>
. . . . . <o:p></o:p></span></p>
</div>
</div>
</div>
</body>
</html>