<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1436558381;
mso-list-template-ids:644011902;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1496217853;
mso-list-type:hybrid;
mso-list-template-ids:1152963076 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:2144618279;
mso-list-type:hybrid;
mso-list-template-ids:1094456434 -769916414 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:Calibri;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><a name="_Hlk122600425">Good morning,<o:p></o:p></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">The previous alert has been updated. Updated information has been added in red.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">The Vulnerability Management team is reporting on this vulnerability due to its high visibility; we are providing this in-depth information:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b>MS-ISAC Advisory Number 2023-030 “</b><i>Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the
logged on user.”<o:p></o:p></i></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges
associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who
operate with administrative user rights.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="color:red">Intelligence:<o:p></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">On December 4, 2023 Microsoft identified nation-state activity that is actively exploiting the vulnerability. In addition to exploiting CVE-2023-23397, the group also seeks
to employ at least 7 other publicly available exploits. Microsoft strongly advises the patches be applied to Microsoft Outlook to mitigate the vulnerability.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="color:red">How it Works:<o:p></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">The exploit functions by means of a specially crafted message being delivered to a user that includes an extended MAPI property for Reminders that is configured to point to
a threat actor controlled UNC path. The crafted message triggers a Net-NTLMv2 hash leak to the threat actor’s server. The user does not need to interact with the message, Outlook only needs to be running when the malicious MAPI property triggers a reminder
to allow the exploitation. <o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="color:red">Post-Exploit:<o:p></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">Post-exploitation actions have been observed using Net-NTLMv2 relay attacks against Exchange Servers, using the Exchange Web Services API to send additional crafted messages
for further malicious attacks, and using the API to enumerate folders in a user’s mailbox as well as modify permissions so that any authenticated user can access all folder content with owner privileges.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="color:red">IOCS:<o:p></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">Organizations can review SMBClient event logging for EventIds 30800, 30803, 30806, 30804, and 31001 to monitor the ServerName field for non-trusted servers.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">Additionally, Process Creation event logs may reveal the following processes used during an attempted exploit:<o:p></o:p></span></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo4"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">Parent process:
</span></span><span style="mso-bookmark:_Hlk122600425"><span style="font-family:Consolas">C:\Windows\system32\svchost.exe -k LocalService -p -s WebClient<o:p></o:p></span></span></li><li class="MsoListParagraph" style="color:red;margin-left:0in;mso-list:l2 level1 lfo4">
<span style="mso-bookmark:_Hlk122600425">Child process: </span><span style="mso-bookmark:_Hlk122600425"><span style="font-family:Consolas;color:windowtext">rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie <IP Address> hxxp://<Threat actor IP>/folder/sound.wav</span><o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">The following registry keys may indicate that unexpected reminders were triggered for user Note or Task items if the user does not normally set reminders for such objects:<o:p></o:p></span></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="color:red;margin-left:0in;mso-list:l2 level1 lfo4">
<span style="mso-bookmark:_Hlk122600425">HKCU\Software\Microsoft\Office\<VERSION OF OUTLOOK>\Outlook\Tasks<o:p></o:p></span></li><li class="MsoListParagraph" style="color:red;margin-left:0in;mso-list:l2 level1 lfo4">
<span style="mso-bookmark:_Hlk122600425">HKCU\Software\Microsoft\Office\<VERSION OF OUTLOOK>\Outlook\Notes<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="color:red">Additional Resources:<o:p></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="color:red">Further information may be found at Microsoft’s article on Guidance for Investigating Attacks Using CVE-2023-23397 at
</span></span><a href="https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/"><span style="mso-bookmark:_Hlk122600425">https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">More information can be found by reading Microsoft’s Update Guide which is linked here:
</span><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397"><span style="mso-bookmark:_Hlk122600425">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">Additional information has been provided by MS-ISAC which is linked here:
</span><a href="https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-march-14-2023_2023-030"><span style="mso-bookmark:_Hlk122600425">https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-march-14-2023_2023-030</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_Hlk122600425">As of March 16, 2023, the following vulnerability plugins have been released and are currently in Tenable Security Center:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><i><u>PluginID</u></i></b>
<b><i><u>Plugin Name</u></i></b> <b><i><u>Current Severity<o:p></o:p></u></i></b></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="95" valign="top" style="width:71.6pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.tenable.com/plugins/nessus/172607"><span style="mso-bookmark:_Hlk122600425"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif">172607</span></span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="702" valign="top" style="width:526.5pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">Security Updates for Outlook C2R Elevation of Privilege<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="156" valign="top" style="width:117.0pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"> Critical<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td width="95" valign="top" style="width:71.6pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://www.tenable.com/plugins/nessus/172527"><span style="mso-bookmark:_Hlk122600425">172527</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="702" valign="top" style="width:526.5pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">Security Updates for Outlook<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="156" valign="top" style="width:117.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"> Critical<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b>Recommended Actions:<o:p></o:p></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Review identified logs for unexpected or anomalous activity.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Scan environments using provided Tenable Nessus plugins.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Verify host has not been compromised before applying patches<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="mso-bookmark:_Hlk122600425">Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<span style="mso-bookmark:_Hlk122600425"></span>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:63.0pt">
<td width="118" valign="top" style="width:88.35pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><span style="color:#1F497D"><img border="0" width="121" height="87" style="width:1.2638in;height:.9097in" id="Picture_x0020_4" src="cid:image001.png@01DA28E7.E4F74E20"><o:p></o:p></span></p>
</td>
<td width="493" valign="top" style="width:369.65pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><b>Cyber Security Services<o:p></o:p></b></p>
<p class="MsoNormal" style="line-height:105%">State of Oregon Cyber Security Services<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">Enterprise Information Services | SOC<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">Cyber Security Services (CSS)<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378<span style="color:#1F497D"><o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="611" colspan="2" valign="top" style="width:458.05pt;padding:0in 4.65pt 0in 4.65pt">
<p class="MsoNormal" style="line-height:105%"><i><span style="color:#2E74B5">“Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians.”<o:p></o:p></span></i></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>