<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
mso-margin-top-alt:auto;
margin-right:0in;
margin-bottom:2.4pt;
margin-left:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
color:black;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Aptos",sans-serif;
color:#0F4761;
font-style:italic;}
span.first-word1
{mso-style-name:first-word1;
font-weight:bold;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:612396970;
mso-list-template-ids:1364336808;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1560824444;
mso-list-template-ids:1874746614;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1616329995;
mso-list-template-ids:421451976;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:1848591658;
mso-list-template-ids:1343281928;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Good afternoon,<o:p></o:p></span></p>
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">The SOC Services team is reporting on the vulnerability
<b>CVE-2026-39987 : Critical Remote Code Execution in Marimo</b> which affects all Marimo instances accessible over the network where the terminal feature is enabled. Because confirmed active exploitation, including deployment of NKAbuse malware and credential
theft, we are providing this in-depth information. <o:p></o:p></span></p>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">History:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> The vulnerability was publicly disclosed on April 9, 2026, following reports
of mass exploitation. The CVSS v4.0 base score is 9.3 (CRITICAL) provided by GitHub. At this time, this vulnerability has not been CVSSv3.X assessed or scored by NIST NVD.
<o:p></o:p></span></h4>
<h4 style="margin-top:0in"><span lang="EN" style="color:windowtext"><o:p> </o:p></span></h4>
<h4 style="margin-top:0in"><span lang="EN" style="font-family:"Calibri",sans-serif">Affected Versions<o:p></o:p></span></h4>
<ul style="margin-top:0in" type="disc" id="affectedVersionsList">
<li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Marimo < 0.23.0<o:p></o:p></span></li></ul>
<h4 style="margin-top:0in"><span lang="EN" style="font-family:"Calibri",sans-serif">Fixed Versions<o:p></o:p></span></h4>
<ul style="margin-top:0in" type="disc" id="fixedVersionsList">
<li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span lang="EN" style="font-family:"Calibri",sans-serif">Marimo >= 0.23.0<o:p></o:p></span></li></ul>
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Marimo is a reactive Python notebook for data science that allows users to create interactive tools and reproducible notebooks</span><span lang="EN" style="font-family:"Calibri",sans-serif">.<span style="color:black"><o:p></o:p></span></span></p>
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Vendor Advisory:
<a href="https://github.com/marimo-team/marimo/security/advisories/GHSA-m8gj-6756-p63w">
marimo GitHub Advisory: Pre-Auth RCE in /terminal/ws</a><o:p></o:p></span></p>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Intelligence:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> A critical security vulnerability in Marimo, an open-source Python
notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. On April 23, 2026, CISA confirmed the vulnerability in the Known Exploited Vulnerabilities Catalog.<o:p></o:p></span></h4>
<p><strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Exploitability:</span></strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"> Network Exploitability<br>
<strong><span style="font-family:"Calibri",sans-serif">Complexity:</span></strong> Low<br>
<strong><span style="font-family:"Calibri",sans-serif">User Interaction:</span></strong> None<br>
<strong><span style="font-family:"Calibri",sans-serif">Remotely Exploitable:</span></strong> Yes<br>
<strong><span style="font-family:"Calibri",sans-serif">Proof of Concept:</span></strong> Publicly disclosed technical details equivalent to a PoC<br>
<strong><span style="font-family:"Calibri",sans-serif">Zero Day:</span></strong> No (Exploitation began shortly after N-Day disclosure)
<o:p></o:p></span></p>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Workarounds:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> Disable the terminal feature in Marimo configuration if immediate patching
is not possible; Restrict network access to Marimo instances via VPN or IP allow-listing</span><span lang="EN" style="font-family:"Calibri",sans-serif;color:windowtext;font-weight:normal">.</span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">How it Works:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> The /terminal/ws endpoint fails to call the validate_auth() function
used by other WebSocket endpoints. An attacker can initiate a WebSocket connection to this endpoint without any credentials, which provides a full PTY shell (Pseudo-Terminal) under the context of the user running the marimo process</span><span lang="EN" style="font-family:"Calibri",sans-serif;color:windowtext;font-weight:normal">.</span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Post-Exploit Impact:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<ul type="disc" id="postExploitImpactList">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">Full system compromise and arbitrary command execution (CWE-306: Missing Authentication for Critical Function)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">Theft of environment variables, cloud metadata service (IMDS) credentials, and SSH keys (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor)<o:p></o:p></span></li></ul>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Indicators of Compromise (IoCs):</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<thead>
<tr>
<td style="border:solid #CCCCCC 1.0pt;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Type<o:p></o:p></span></b></p>
</td>
<td style="border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Value<o:p></o:p></span></b></p>
</td>
<td style="border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Description / Notes<o:p></o:p></span></b></p>
</td>
<td style="border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Source<o:p></o:p></span></b></p>
</td>
</tr>
</thead>
<tbody>
<tr>
<td style="border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Malware Name<o:p></o:p></span></b></p>
</td>
<td style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">NKAbuse<o:p></o:p></span></p>
</td>
<td style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Multi-platform P2P botnet/backdoor using NKN protocol for C2<o:p></o:p></span></p>
</td>
<td style="border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Sysdig Threat Research<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif"><o:p><span style="text-decoration:none"> </span></o:p></span></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="color:windowtext"><o:p><span style="text-decoration:none"> </span></o:p></span></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Tenable Plugins:</span></span><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal;text-decoration:none">
As of the publication of this Vulnerability Notification, Tenable has not provided plugins and plugins are not currently in their development pipeline.</span></span><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif;color:windowtext;font-weight:normal;text-decoration:none"><o:p></o:p></span></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="color:windowtext"><o:p><span style="text-decoration:none"> </span></o:p></span></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Recommended Actions:</span></span><span style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<p><strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Date Added to KEV Catalog:</span></strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"> April 23, 2026<br>
<strong><span style="font-family:"Calibri",sans-serif">Due Date for Remediation:</span></strong> May 7, 2026
<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Upgrade Marimo to version 0.23.0 or later immediately<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Audit existing Marimo instances for unauthorized WebSocket connections to /terminal/ws<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Verify host has not been compromised before applying patches.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Apply appropriate updates provided by the vendor to vulnerable systems after testing.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Run all software as a non-privileged user to reduce the impact of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><b><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></b></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:63.0pt">
<td width="118" valign="top" style="width:88.35pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-CN"><img border="0" width="121" height="87" style="width:1.2604in;height:.9062in" id="Picture_x0020_4" src="cid:image001.png@01DCD322.2D7F2B90"></span><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
</td>
<td width="493" valign="top" style="width:369.65pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><b><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">Cyber Security Services<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">State of Oregon Cyber Security Services<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">Enterprise Information Services | SOC<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">Cyber Security Services (CSS)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378</span><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="color:black;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
</body>
</html>