<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle22
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:935938706;
mso-list-template-ids:403967330;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1496217853;
mso-list-type:hybrid;
mso-list-template-ids:1152963076 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:1889223306;
mso-list-type:hybrid;
mso-list-template-ids:-487002984 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:49.5pt;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:85.5pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:121.5pt;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:157.5pt;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:193.5pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:229.5pt;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:265.5pt;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:301.5pt;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:337.5pt;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:2055230227;
mso-list-template-ids:-1555366116;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Good afternoon,</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The SOC Services team is reporting on the vulnerability:
<b><i>CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability</i></b>. Because of its high visibility, and because the affected software is known to be installed in the state environment, we are providing the following in-depth information:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">History</span></u></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">: On June 11, 2024, Microsoft patched a race condition (Time-of-Check to Time-of-Use, TOCTOU)
vulnerability, tracked as CVE-2024-30088, in several Microsoft operating systems. The vulnerability is described as an elevation of privilege. CVE-2024-30088 was established as a CVE on June 11, 2024, was last modified on June 21, 2024, and currently has a CVSSv3 rating
of 7.0 (High).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Vulnerable Versions:<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:13.5pt;mso-list:l2 level1 lfo3">Windows 10 (multiple versions)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:13.5pt;mso-list:l2 level1 lfo3">Windows 11 (multiple versions)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:13.5pt;mso-list:l2 level1 lfo3">Windows Server 2016 (multiple versions)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:13.5pt;mso-list:l2 level1 lfo3">Windows Server 2019 (multiple versions)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:13.5pt;mso-list:l2 level1 lfo3">Windows Server 2022 (multiple versions)<o:p></o:p></li></ul>
<p class="MsoListParagraph" style="margin-left:49.5pt"><o:p> </o:p></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Fixed Versions:<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Link to Microsoft Security Response Center regarding CVE-2024-30088 patches:
<a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Intelligence</span></u></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">: As of October 15, 2024, the vulnerability has been confirmed as being exploited
in the wild. The vulnerability resides within the NtQueryInformationToken function, specifically in its handling of the AuthzBasepCopyoutInternalSecurityAttributes function. The flaw stems from the kernel’s improper management of locking mechanisms when operating
on an object, which can allow a malicious actor to escalate privileges. Because this is an elevation-of-privilege flaw, it is used after an attacker already has a foothold on the host. The vulnerability is particularly alarming because of the elevated privileges attackers can gain – effectively seizing complete control over the
affected system. This privilege escalation can facilitate further malicious activities, including data theft, system sabotage, and the deployment of additional malware.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Additionally, on October 13, 2024, The Hacker News published an article stating, “an Iranian threat actor known as ‘OilRig’ has been observed exploiting the now patched privilege
escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.” (<a href="https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html">https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html</a>).
The article also states that this group is using this attack to deploy a backdoor that leverages Microsoft Exchange servers for credential theft.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Workarounds:</span></u></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> There are no workarounds at this time.
<o:p></o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">How it works</span></u></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">: The vulnerability arises where the SecurityAttributesList
from the kernel is written directly to a user-supplied pointer. This leads to multiple Time-of-Check to Time-of-Use (TOCTOU) conditions, whereby a malicious thread could alter the buffer pointer of an attribute name before
the RtlCopyUnicodeString function is called. Such manipulation enables the attacker to write to an arbitrary address with a controlled value and size.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The Hacker News article describes the recent attack chain as follows: “Initial access to target networks is facilitated by means of infiltrating a vulnerable web server to drop a web shell, followed by dropping the ngrok remote management
tool to maintain persistence and move to other endpoints in the network. The privilege escalation vulnerability subsequently serves as a conduit to deliver the backdoor, codenamed STEALHOOK, responsible for transmitting harvested data via the Exchange server
to an email address controlled by the attacker in the form of attachments. A notable technique employed by OilRig in the latest set of attacks involves the abuse of the elevated privileges to drop the password filter policy DLL (psgfilter.dll) in order to
extract sensitive credentials from domain users via domain controllers or local accounts on local machines. ‘The malicious actor took great care in working with the plaintext passwords while implementing the password filter export functions,’ the researchers
said. ‘The threat actor also utilized plaintext passwords to gain access and deploy tools remotely. The plaintext passwords were first encrypted before being exfiltrated when sent over networks.’”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Post-Exploit</span></u></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">: An attacker can leverage this vulnerability to escalate privileges and execute
arbitrary code in the context of SYSTEM.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
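<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The following vulnerability plugins were released on June 11, 2024, updated on September 26, 2024, and are currently available in Tenable Security
Center. The Severity column is the rating of the plugin as a whole; each plugin covers a cumulative security update, so its severity can differ from the 7.0 (High) rating of CVE-2024-30088 itself:<o:p></o:p></span></p>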
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Plugin<o:p></o:p></span></u></b></p>
</td>
<td width="672" valign="top" style="width:7.0in;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Title<o:p></o:p></span></u></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Severity<o:p></o:p></span></u></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Platform<o:p></o:p></span></u></b></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200336">200336</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039227: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200340">200340</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039225: Windows 10 LTS 1507 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200342">200342</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039213: Windows 11 version 21H2 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200343">200343</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039211: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200345">200345</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039212: Windows 11 version 22H2 / Windows 11 version 23H2 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200349">200349</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039217: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200351">200351</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039214: Windows 10 Version 1607 / Windows Server 2016 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.tenable.com/plugins/nessus/200352">200352</a><o:p></o:p></span></p>
</td>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">KB5039236: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (June 2024)<o:p></o:p></span></b></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Critical<o:p></o:p></span></p>
</td>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Recommended Actions</span></u></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo6"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Verify that each host has not been compromised before applying patches.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l1 level1 lfo6">Apply the appropriate vendor-provided updates to vulnerable systems immediately after appropriate testing.<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo6"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l1 level1 lfo6"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:63.0pt">
<td width="118" valign="top" style="width:88.35pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;color:#1F497D;mso-ligatures:none"><img border="0" width="121" height="87" style="width:1.2604in;height:.9062in" id="Picture_x0020_4" src="cid:image001.png@01DB1EF9.FB92E640"></span><span style="font-size:11.0pt;line-height:105%;color:#1F497D;mso-ligatures:none"><o:p></o:p></span></p>
</td>
<td width="493" valign="top" style="width:369.65pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><b><span style="font-size:11.0pt;line-height:105%;mso-ligatures:none">Cyber Security Services<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;mso-ligatures:none">State of Oregon Cyber Security Services<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;mso-ligatures:none">Enterprise Information Services | SOC<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;mso-ligatures:none">Cyber Security Services (CSS)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;mso-ligatures:none">SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378<span style="color:#1F497D"><o:p></o:p></span></span></p>
</td>
</tr>
<tr>
<td width="611" colspan="2" valign="top" style="width:458.05pt;padding:0in 4.65pt 0in 4.65pt">
<p class="MsoNormal" style="line-height:105%"><i><span style="font-size:11.0pt;line-height:105%;color:#2E74B5;mso-ligatures:none">“Ensuring user-friendly, reliable, and secure state technology systems that equitably serve Oregonians.”<o:p></o:p></span></i></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>