<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:59980804;
mso-list-template-ids:785399510;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:161899419;
mso-list-template-ids:-513671064;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:179129095;
mso-list-template-ids:64098206;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1120954599;
mso-list-template-ids:1139306402;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Good afternoon,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Chris has asked me to share this cybersecurity advisory from MS-ISAC.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="color:#2F5496">April Goode, MBA, SPP<br>
</span></b><span style="color:#2F5496">Director of OneNet Strategic Planning and Communications<br>
Oklahoma State Regents for Higher Education<br>
405.225.9251<br>
<a href="mailto:april@onenet.net" target="_blank">april@onenet.net</a></span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="divtagdefaultwrapper">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Subject: </span><b><span style="font-family:"Arial",sans-serif;color:black">CYBERSECURITY ADVISORY for Log4j Vulnerability</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif;color:black">Please see the advisory below from MS-ISAC</span></b><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><br>
>><o:p></o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;color:black">
<hr size="2" width="98%" align="center">
</span></div>
<div id="divRplyFwdMsg">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p><b><span style="font-family:"Arial",sans-serif;color:black">TLP: WHITE</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">MS-ISAC CYBERSECURITY ADVISORY</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">MS-ISAC ADVISORY NUMBER:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">2021-158 - <b>UPDATED</b></span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">DATE(S) ISSUED:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">12/10/2021</span><span style="color:black"><o:p></o:p></span></p>
<p><b><i><span style="font-family:"Arial",sans-serif;color:black">12/13/2021 -</span></i></b><span style="font-family:"Arial",sans-serif;color:black">
<b>UPDATED</b></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">SUBJECT:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">A Vulnerability in Apache Log4j Could Allow for Arbitrary Code Execution</span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">OVERVIEW:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">A vulnerability has been discovered in Apache Log4j, a very ubiquitous logging package for Java. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context
of the systems and services that use the Java logging library, including many services and applications written in Java. Depending on the privileges associated with these systems and services, an attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. If these systems and services have been configured to have fewer user rights, exploitation of this vulnerability could have less impact than if they were configured with administrative rights.</span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">THREAT INTELLIGENCE:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">According to numerous open source reports, Log4j is used with Apache software like Apache Struts, Solr, Druid, along with other technologies. Many websites of manufacturers and providers have been
found to be affected including Apple, Twitter, Steam, Tesla and more. Threat actors will likely include payloads in simple HTTP connections, either in a User-Agent header or trivial POST form data. In addition, it has been reported that organizations are already
seeing signs of exploitation in the wild with further attempts on other websites likely.
</span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">SYSTEMS AFFECTED:</span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:black">Apache Log4j between versions 2.0 and 2.14.1</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">RISK:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">Government:</span></b><span style="color:black"><o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo2"><span style="font-family:"Arial",sans-serif">Large and medium government entities:<b> High</b></span><o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo2"><span style="font-family:"Arial",sans-serif">Small government entities:
<b>High</b></span><o:p></o:p></li></ul>
<p><b><span style="font-family:"Arial",sans-serif;color:black">Businesses:</span></b><span style="color:black"><o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l0 level1 lfo3"><span style="font-family:"Arial",sans-serif">Large and medium business entities:
<b>High</b></span><o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l0 level1 lfo3"><span style="font-family:"Arial",sans-serif">Small business entities:
<b>High</b></span><o:p></o:p></li></ul>
<p><b><span style="font-family:"Arial",sans-serif;color:black">Home users: High</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">TECHNICAL SUMMARY:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">A vulnerability has been discovered in Apache Log4j, a very ubiquitous logging package for Java. This vulnerability resides in the JNDI lookup feature of the log4j library. The JNDI lookup feature
of log4j allows variables to be retrieved via JNDI - Java Naming and Directory Interface. This is an API that provides naming and directory functionality to Java applications. While there are many possibilities, the log4j API supports LDAP and RMI (Remote
Method Invocation). An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the systems and services that use the Java logging library, including many services and
applications written in Java. Depending on the privileges associated with these systems and services, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If these systems and services have been
configured to have fewer user rights, exploitation of this vulnerability could have less impact than if they were configured with administrative rights.</span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">RECOMMENDATIONS:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">We recommend the following actions be taken:</span><span style="color:black"><o:p></o:p></span></p>
<p style="text-indent:-.25in"><span style="font-family:Symbol;color:black">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">
</span><span style="font-family:"Arial",sans-serif;color:black">Apply the latest patches (version 2.15.0) provided by Apache after appropriate testing.</span><span style="color:black"><o:p></o:p></span></p>
<p style="text-indent:-.25in"><span style="font-family:Symbol;color:black">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">
</span><span style="font-family:"Arial",sans-serif;color:black">Run all systems and services as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.</span><span style="color:black"><o:p></o:p></span></p>
<p style="text-indent:-.25in"><span style="font-family:Symbol;color:black">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black">
</span><span style="font-family:"Arial",sans-serif;color:black">Apply the Principle of Least Privilege to all systems and services.</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><b><i><span style="font-family:"Arial",sans-serif;color:black">December 13<sup>th</sup></span></i></b><span style="font-family:"Arial",sans-serif;color:black">
<b>– UPDATED RECOMMENDATIONS:</b></span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-family:"Arial",sans-serif;color:black">Run the “Log4Shell” Vulnerability Tester provided by Huntress to test whether your applications are vulnerable to CVE-2021-44228 (please see references for the Huntress
link).</span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-family:"Arial",sans-serif;color:black">Check the GitHub repository listed in the reference section to see all the Security Advisories & Bulletins related to CVE-2021-44228, which include applications affected,
version numbers, and the associated patches that should be implemented if you have the affected version in your environment.</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">REFERENCES:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">CVE:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228"><span style="color:#0563C1">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228</span></a></span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">SANS Technology Institute:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="https://isc.sans.edu/diary/28120"><span style="color:#0563C1">https://isc.sans.edu/diary/28120</span></a></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">ZDNet:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/"><span style="color:#0563C1">https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/</span></a></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">Ars Technica:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/"><span style="color:#0563C1">https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/</span></a></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><b><i><span style="font-family:"Arial",sans-serif;color:black">December 13<sup>th</sup></span></i></b><b><span style="font-family:"Arial",sans-serif;color:black"> – UPDATED REFERENCES:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">GitHub:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"><a href="https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592"><span style="color:#0563C1">https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592</span></a>
</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black">Huntress Log4Shell Tool:</span></b><span style="color:black"><o:p></o:p></span></p>
<p><b><span style="font-family:"Arial",sans-serif;color:black"><a href="https://log4shell.huntress.com/"><span style="color:#0563C1">https://log4shell.huntress.com/</span></a>
</span></b><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">Multi-State Information Sharing and Analysis Center (MS-ISAC)</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">31 Tech Valley Drive</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">East Greenbush, NY 12061</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black">24x7 Security Operations Center</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="mailto:SOC@cisecurity.org"><span style="color:#0563C1">SOC@cisecurity.org</span></a> - 1-866-787-4722</span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"><a href="https://www.cisecurity.org/isac/"><span style="color:windowtext;text-decoration:none"><img border="0" width="300" height="80" style="width:3.125in;height:.8333in" id="Picture_x0020_96" src="cid:image001.png@01D7F025.548DE300" alt="cid:image001.png@01D7E789.BE8CE700"></span></a></span><span style="color:black"><o:p></o:p></span></p>
<p><span style="font-family:"Arial",sans-serif;color:black"> <a href="https://www.linkedin.com/company/the-center-for-internet-security/"><span style="color:windowtext;text-decoration:none"><img border="0" width="38" height="38" style="width:.3958in;height:.3958in" id="Picture_x0020_95" src="cid:image002.png@01D7F025.548DE300" alt="cid:image002.png@01D7E789.BE8CE700"></span></a> <a href="https://twitter.com/CISecurity"><span style="color:windowtext;text-decoration:none"><img border="0" width="38" height="38" style="width:.3958in;height:.3958in" id="Picture_x0020_94" src="cid:image003.png@01D7F025.548DE300" alt="cid:image003.png@01D7E789.BE8CE700"></span></a> <a href="https://www.facebook.com/CenterforIntSec"><span style="color:windowtext;text-decoration:none"><img border="0" width="38" height="38" style="width:.3958in;height:.3958in" id="Picture_x0020_93" src="cid:image004.png@01D7F025.548DE300" alt="cid:image004.png@01D7E789.BE8CE700"></span></a> <a href="https://www.youtube.com/user/TheCISecurity"><span style="color:windowtext;text-decoration:none"><img border="0" width="38" height="38" style="width:.3958in;height:.3958in" id="Picture_x0020_92" src="cid:image005.png@01D7F025.548DE300" alt="cid:image005.png@01D7E789.BE8CE700"></span></a> <a href="https://www.instagram.com/cisecurity"><span style="color:windowtext;text-decoration:none"><img border="0" width="38" height="38" style="width:.3958in;height:.3958in" id="Picture_x0020_91" src="cid:image006.png@01D7F025.548DE300" alt="cid:image006.png@01D7E789.BE8CE700"></span></a></span><span style="color:black"><o:p></o:p></span></p>
<p style="background:white"><b><span style="font-family:"Arial",sans-serif;color:#091E42">TLP: WHITE</span></b><span style="font-family:"Arial",sans-serif;color:#091E42"><br>
</span><span style="font-family:"Arial",sans-serif;color:black"><a href="https://www.cisa.gov/tlp"><span style="font-size:9.0pt;color:#0052CC">https://www.cisa.gov/tlp</span></a></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#091E42"><br>
Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.</span><span style="color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">. . . . . <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>