Feed on
Posts
Comments

This is our first posting and a welcome message to the UTPA community.  Keep in touch and we will keep you informed about emerging threats, offer you tips on how to keep your computer safe, and tell you about the different information security initiatives at the University.  We welcome suggestions and opinions; please feel free to post comments.

 

Microsoft has released new critical out of band security updates.  These updates will be pushed to all campus managed computers on 07/23/2015, please see below for specific updates being pushed.

 

Microsoft
Security Updates

MS15-065 : Security Update for Internet Explorer (3076321)
More info: https://technet.microsoft.com/en-us/library/security/MS15-065
Severity : Critical

MS15-066 : Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
More info: https://technet.microsoft.com/en-us/library/security/MS15-066
Severity : Critical

MS15-067 : Vulnerability in RDP Could Allow Remote Code Execution (3073094)
More info: https://technet.microsoft.com/en-us/library/security/MS15-067
Severity : Critical

MS15-068 : Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
More info: https://technet.microsoft.com/en-us/library/security/MS15-068
Severity : Critical

MS15-069 : Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
More info: https://technet.microsoft.com/en-us/library/security/MS15-069
Severity : Important

MS15-070 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
More info: https://technet.microsoft.com/en-us/library/security/MS15-070
Severity : Important

MS15-072 : Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
More info: https://technet.microsoft.com/en-us/library/security/MS15-072
Severity : Important

MS15-073 : Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
More info: https://technet.microsoft.com/en-us/library/security/MS15-073
Severity : Important

MS15-074 : Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
More info: https://technet.microsoft.com/en-us/library/security/MS15-074
Severity : Important

MS15-075 : Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
More info: https://technet.microsoft.com/en-us/library/security/MS15-075
Severity : Important

MS15-076 : Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
More info: https://technet.microsoft.com/en-us/library/security/MS15-076
Severity : Important

MS15-077 : Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
More info: https://technet.microsoft.com/en-us/library/security/MS15-077
Severity : Important

MS15-078 : Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
More info: https://technet.microsoft.com/library/security/MS15-078
Severity : Critical

Re-released

MS15-006 : Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
More info: https://technet.microsoft.com/library/security/MS15-006
Severity : Important

 

Microsoft Security Advisory

KB3079777: Security Update for Internet Explorer Flash Player for Windows 8
More info: https://support.microsoft.com/en-us/kb/3079777

 

Non – Security Critical Updates

April 2015 Office Update Release
More info : http://blogs.technet.com/b/office_sustained_engineering/archive/2015/07/14/july-2015-office-update-release.aspx
Adobe

Update Adobe Flash Player ActiveX to version 18.0.0.209
More info: http://helpx.adobe.com/security/products/flash-player/apsb15-18.html
Severity: Critical

Update Adobe Flash Player Plugin to version 18.0.0.209
More info: http://helpx.adobe.com/security/products/flash-player/apsb15-18.html
Severity: Critical

Update Adobe Reader/Acrobat 11 to version 11.0.12
More info: http://helpx.adobe.com/security/products/reader/apsb15-15.html
Severity: Critical

Update Adobe Reader/Acrobat 10 to version 10.1.15
More info: http://helpx.adobe.com/security/products/reader/apsb15-15.html
Severity: Critical

Update Adobe Air to version 18.0.0.180
More info:  http://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Severity: Critical

 

Below is a summary of the combined security bulletins for the month of June 2015. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, June 18th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

Below is a summary of the combined security bulletins for the month of April 2015. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, April 23rd, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

Below is a summary of the combined security bulletins for the month of February 2015. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, February  19th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

Below is a summary of the combined security bulletins for the month of January 2015. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, January 22nd, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

Below is a summary of the combined security bulletins for the month of December 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, December 18th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

Below is a summary of the combined security bulletins for the month of November 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, November 20th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

Below is a summary of the combined security bulletins for the month of October 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, October 23th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

There is a critical vulnerability that was recently discovered that is affecting devices running Linux, Unix, or Apple OS X.  The vulnerability is known as Bash Shellshock.  Please read the FAQs below for more information on how to protect yourself.

 

What can I do to protect myself while the vendor releases a patch?

Disable network services like SSH or web servers.  Keep checking with your operating system vendor (like Apple) to obtain the update as soon as it is available.

 

What can I do as a Mac user?

Go to System Preferences > Sharing > Remote Login.  Make sure this service is turned off.

 

What can I do as a Linux user?

Upgrade bash on your computer to a version that does not have this vulnerability.

 

What is the University doing to protect its resources against this threat?

Our perimeter firewall is already configured to block traffic that matches the signature for this threat. We still recommend that you exercise caution while your device is unpatched for this vulnerability.

 

How can I check if my computer is vulnerable or not?

Read the second article below. It will give you detailed information about the procedure. Please note, it will require some level of advanced computer skill.

 

Where can I get more information?

  1. Article from Symantec Security Response: http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability
  2. Article from WonderHowTo Mac Tips: http://mac-how-to.wonderhowto.com/how-to/every-mac-is-vulnerable-shellshock-bash-exploit-heres-patch-os-x-0157606/

 

This message is to warn you about an ongoing social engineering campaign targeting UTPA telephone numbers.  The individuals could for ask employment verification questions or information about other employees (e.g.  telephone numbers).  Please refrain from responding to their questions and end the conversation.  The University is going through a transition process and we might be more vulnerable to fall for these types of reconnaissance campaigns.  Please report any suspicious activities through our incident reporting page or contact us at 956-665-7124.

UTPA OCISO Incident Reporting Form: http://portal.utpa.edu/utpa_main/dba_home/iso_home/incident_form

Older Posts »