While voting systems operate in an air-gapped environment that may mitigate the Remote Desktop Protocol (RDP) vulnerability described in the notice, the EAC considers the Elliptic Curve Cryptography (ECC) validation vulnerability a significant threat to voting system security. According to information in DHS Emergency Directive 20-02, “This vulnerability may allow malicious software to bypass the trust store, allowing unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization, which may deceive users or thwart malware detection methods like anti-virus”. This vulnerability affects systems using Windows 10, Server 2016, and Server 2019. Please reach out to your voting system vendor for further information on whether or not your specific configuration is affected and their mitigation plans.