This is our first posting and a welcome message to the UTPA community.  Keep in touch and we will keep you informed about emerging threats, offer you tips on how to keep your computer safe, and tell you about the different information security initiatives at the University.  We welcome suggestions and opinions; please feel free to post comments.

Below is a summary of the combined security bulletins for the month of May 2012.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, May 17th, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac

 Important notice to computers joined to the UTPA domain: The update distribution process has changed.  Beginning this month, on the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm.  This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

Software Update Installation Notification

• Microsoft Security Bulletins
• MS12-029: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-029
  Severity: Critical
• MS12-030: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-030
  Severity: Important
• MS12-031: Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-031
  Severity: Important
• MS12-032: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-032
  Severity: Important
• MS12-033: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-033
  Severity: Important
• MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-034
  Severity: Critical
• MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-035
  Severity: Critical
• (Re-released) MS11-025 : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms11-025
  Severity: Critical
• Microsoft Non-Security Updates
• KB2589345 : Update for Microsoft OneNote 2010
  More info : http://support.microsoft.com/kb/2589345
• KB2598290 : Update for Microsoft Office Outlook 2007 Junk Email Filter
  More info : http://support.microsoft.com/kb/2598290
• KB2598343 : Update for Microsoft Office Outlook 2003 Junk Email Filter
  More info : http://support.microsoft.com/kb/2598343
• KB2633952 : Update for Windows
  More info : http://support.microsoft.com/kb/2633952
• KB2641690 : Update for Windows Server
  More info : http://support.microsoft.com/kb/2641690
• KB2695962 : Update Rollup for ActiveX Killbits for Windows
  More info : http://support.microsoft.com/kb/2695962
• Adobe
• Update Adobe Flash Player to version 11.2.202.235
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb12-09.html
• Update Adobe Shockwave Player to version 11.6.5.635
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb12-13.html
• Apple
• iOS 5.1.1 Software Update
  More Info: http://support.apple.com/kb/HT5278
  Severity: Critical
• Safari 5.1.7
  More Info: http://support.apple.com/kb/HT5282
  Severity: Critical
• OS X Lion v10.7.4 and Security Update 2012-002
  More Info: http://support.apple.com/kb/HT5281
  Severity: Critical
  Note: If the machine has SecureDoc Disk Encryption do not update until software is upgraded to version 5.3 SR2. Contact the Helpdesk for assistance.
• Leopard Security Update 2012-003
  More Info: http://support.apple.com/kb/HT5283
  Severity: Critical

Below is a summary of the combined security bulletins for the month of April 2012.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, April 19th, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac

• Microsoft Security Bulletins
• MS12-023: Cumulative Security Update for Internet Explorer (2675157)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-023
  Severity: Critical
• MS12-024: Vulnerability in Windows Could Allow Remote Code Execution (2653956)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-024
  Severity: Critical
• MS12-025: Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-025
  Severity: Critical
• MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-027
  Severity: Critical
• MS12-028: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-028
  Severity: Important
• Microsoft Non-Security Updates
• KB2553267 : Update for Microsoft Office 2010
  More info : http://support.microsoft.com/kb/2553267
• KB2553406 : Update for Microsoft Outlook Social Connector 2010
  More info : http://support.microsoft.com/kb/2553406
• KB2553248 : Update for Microsoft Outlook 2010
  More info : http://support.microsoft.com/kb/2553248
• KB2598306 : Update for Microsoft Office 2007 suites
  More info : http://support.microsoft.com/kb/2598306
• KB2598292 : Update for Microsoft Office Outlook 2003 Junk Email Filter
  More info : http://support.microsoft.com/kb/2598292
• Adobe
• Update Adobe Flash Player to version 11.2.202.228
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb12-07.html
• Update Adobe Reader to version 10.1.3
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb12-08.html
• Apple
  • Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
    More Info: http://support.apple.com/kb/HT5247
    Severity: Critical

Below is a summary of the combined security bulletins for the month of March 2012.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, March 22nd, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac

• Microsoft Security Bulletins
• MS12-017: Vulnerability in DNS Server Could Allow Denial of Service (2647170)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-017
  Severity: Important
• MS12-018: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-018
  Severity: Important
• MS12-019: Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-019
  Severity: Moderate
• MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-020
  Severity: Critical
• MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-021
  Severity: Important
• MS12-022: Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-022
  Severity: Important
• Microsoft Non-Security Updates
• KB2597970 : Update for Microsoft Office 2007 suites
  More info : http://support.microsoft.com/kb/2597970
• KB2598246 : Update for Microsoft Office Outlook 2003
  More info : http://support.microsoft.com/kb/2598246
• KB2647518 : Update Rollup for ActiveX Killbits for Windows
  More info : http://support.microsoft.com/kb/2647518
• Adobe
• Update Adobe Flash Player to version 11.1.102.63
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb12-05.html
• Apple
• Safari 5.14 was released to address security vulnerabilities
  More Info: http://support.apple.com/kb/HT5190
  Severity: Critical
• iOS 5.1 Security Update
  More Info: http://support.apple.com/kb/HT5192
  Severity: Critical
• iTunes 10.6 was released to address security vulnerabilities
  More Info: http://support.apple.com/kb/HT5191
  Severity: Critical
• Oracle
• Java update to Version 6 Update 31
  More Info: http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html
  Severity: Critical

Below is a summary of the combined security bulletins for the month of February 2012.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, February 23rd, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac

• Microsoft Security Bulletins
• MS12-008: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-008
  Severity: Critical
• MS12-009: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-009
  Severity: Important
• MS12-010: Cumulative Security Update for Internet Explorer (2647516
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-010
  Severity: Critical
• MS12-011: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-011
  Severity: Important
• MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-012
  Severity: Important
• MS12-013: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-013
  Severity: Critical
• MS12-014: Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-014
  Severity: Important
• MS12-015: Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-015
  Severity: Important
• MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-016
  Severity: Critical
• Microsoft Non-Security Updates
• KB2553141 : Update for Microsoft Office 2010
  More info : http://support.microsoft.com/kb/2553141
• KB2596714 : Update for Microsoft Office 2007 suites
  More info : http://support.microsoft.com/kb/2596714
• KB2597091 : Update for Microsoft Office 2010
  More info : http://support.microsoft.com/kb/2597091
• KB2597120 : Update for Microsoft Office 2007 suites
  More info : http://support.microsoft.com/kb/2597120
• KB2597968 : Update for Microsoft Office Outlook 2003 Junk Email Filter
  More info : http://support.microsoft.com/kb/2597968
• KB2597998 : Update for Microsoft Office 2007 suites
  More info : http://support.microsoft.com/kb/2597998
• Adobe
• Security update available for Adobe Flash Player (Upgrade to version 11.1.102.62)
  More Info: http://www.adobe.com/support/security/bulletins/apsb12-03.html
  Severity: Critical
•  Security update available for Adobe Shockwave Player(Upgrade to version 11.6.4.634)
  More Info: http://www.adobe.com/support/security/bulletins/apsb12-02.html
  Severity: Critical
• Apple
• OS X Lion v10.7.3 and Security Update 2012-001
  More Info: http://support.apple.com/kb/HT5130
  Severity: Critical

Symantec released a security advisory to inform customers using pcAnywhere.  There exists a vulnerability that can be used to execute arbitrary code on your computer.  If you are using a version of pcAnywhere that is vulnerable we recommend that you follow the vendor instructions in order to secure your computer. 

Vendor Bulletin: pcAnywhere Security Advisory

Vendor Hotfix: pcAnywhere hotfix

Below is a summary of the combined security bulletins for the month of January 2012.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, January 19th, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac

• Microsoft Security Bulletins
• MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
  More info: http://technet.microsoft.com/security/bulletin/MS11-100
  Severity: Critical
• MS12-001:  Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-001
  Severity: Important
• MS12-002:  Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-002
  Severity: Important
• MS12-003:  Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-003
  Severity: Important
• MS12-004:  Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-004
  Severity: Critical
• MS12-005:  Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-005
  Severity: Important
• MS12-006:  Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-006
  Severity: Important
• Microsoft Non-Security Updates
• KB2597098 : Update for Microsoft Office Outlook 2003 Junk Email Filter
  More info : http://support.microsoft.com/kb/2597098
• KB2596686 : Update for Microsoft Office 2007 suites
  More info : http://support.microsoft.com/kb/2596686
• Adobe
  • Security updates available for Adobe Reader and Acrobat 9.x for Windows
    More Info: http://www.adobe.com/support/security/bulletins/apsb12-01.html
    Severity: Critical

On Tuesday, January 17th, 2012, a new setting to protect unattended computers will be applied to computers running Microsoft Windows.  This setting will lock the computer after being continually idle for more than 20 minutes.  We still recommend that you lock your computer immediately if it will be left unattended.  This can be accomplished by pressing the “Windows logo” key and the “L” key.  

This change is in response to the Desktop and Portable Computer Standard. Section 5.2.3.2 of this standard states “Staff, faculty and lab computers must be configured to auto-lock and password protect after a maximum of 20 minutes of inactivity. “  All UTPA-owned computers must comply with this standard.  Employees with Apple Mac or Linux computers must manually configure their systems to meet the standard.  

Below are the answers to some common questions you may have regarding this change.

1) What does this mean for me?

If your computer is continually idle for more than 20 minutes it will lock itself in order to protect access to University data.  At this point you will need to login once again to access the system.

 2) Will I lose my work?

No, everything will be the same way as it was before the computer was locked.

If you have any questions about the standard please contact the Information Security Office at 665-7124 or if you need help configuring your Mac to meet the standard please contact the IT Helpdesk at extension 665-2020.

The Desktop and Portable Computer Security Standard has been created to define the minimum security for computing devices that connect to the UTPA network.  If your computer is joined to the UTPA domain your computer is already compliant with the standard.  If not, please review the document and configure your system for compliance with the standard.

Below is a summary of the combined security bulletins for the month of December 2011.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, December 22nd, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac

• Microsoft Security Bulletins
• MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-087
  Severity: Critical
• MS11-090: Cumulative Security Update of ActiveX Kill Bits (2618451)
  More Info:http://technet.microsoft.com/en-us/security/bulletin/ms11-090
  Severity: Critical
• MS11-092: Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-092
  Severity: Critical
• MS11-088: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-088
  Severity: Important
• MS11-089: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-089
  Severity: Important
• MS11-091: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-091
  Severity: Important
• MS11-093: Vulnerability in OLE Could Allow Remote Code Execution (2624667)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-093
  Severity: Important
• MS11-094: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-094
  Severity: Important
• MS11-095: Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-095
  Severity: Important
• MS11-096: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-096
  Severity: Important
• MS11-097: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-097
  Severity: Important
• MS11-098: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-098
  Severity: Important
• MS11-099: Cumulative Security Update for Internet Explorer (2618444)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-099
  Severity: Important
• Microsoft Non-Security Updates
• KB2553270: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2553270
• KB2553385: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2553385
• KB2553439: Update for Microsoft Excel 2010
  More Info: http://support.microsoft.com/kb/2553439
• KB2596596: Update for Microsoft Office Excel 2007
  More Info: http://support.microsoft.com/kb/2596596
• KB2596651: Update for Microsoft Office 2007 suites
  More Info: http://support.microsoft.com/kb/2596651
• KB2596789: Update for Microsoft Office 2007 suites
  More Info: http://support.microsoft.com/kb/2596789
• KB2596963: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2596963
• KB2596964: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2596964
• KB2597035: Update for Microsoft Office Outlook 2003 Junk Email Filter
  More Info: http://support.microsoft.com/kb/2597035
• Adobe
• Security updates available for Adobe Reader and Acrobat 9.x for Windows
  More Info: https://www.adobe.com/support/security/bulletins/apsb11-30.html
  Severity: Critical
• Oracle
  • Java (Upgrade to version 6 update 30)
    More info: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
    Severity: Critical

Below is a summary of the combined security bulletins for the month of November 2011.  Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, October 20th, at 11:00pm.  If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically. 

How to update your PC
How to update your Mac
Check your version of Adobe Flash Player
Check your version of Adobe Shockwave Player

Summary of Updates for November 2011

• Microsoft Security Bulletins: 4
• Microsoft Non-Security Updates: 6
• Adobe: 2
• Apple: 1
• Oracle: 1

• Microsoft Security Bulletins
• MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-083
  Severity: Critical
• MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-084
  Severity: Moderate
• MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-085
  Severity: Important
• MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
  More Info: http://technet.microsoft.com/en-us/security/bulletin/ms11-086
  Severity: Important
• Microsoft Non-Security Updates
• KB2553181: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2553181
• KB2553290: Update for Microsoft OneNote 2010
  More Info: http://support.microsoft.com/kb/2553290
• KB2553310: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2553310
• KB2553323: Update for Microsoft Outlook 2010
  More Info: http://support.microsoft.com/kb/2553323
• KB2553455: Update for Microsoft Office 2010
  More Info: http://support.microsoft.com/kb/2553455
• KB2596972: Update for Microsoft Office Outlook 2003 Junk Email Filter
  More Info: http://support.microsoft.com/kb/2596972
• Adobe
• Security Update for Adobe Flash Player (Upgrade to version 11.0.102.55)
  More Info: http://www.adobe.com/support/security/bulletins/apsb11-28.html
  Severity: Critical
• Security Update for Adobe Shockwave Player (Upgrade to version 11.6.3.633)
  More Info: http://www.adobe.com/support/security/bulletins/apsb11-27.html
  Severity: Critical
• Apple
• Apple QuickTime Player update to version 7.7.1
  More info: http://support.apple.com/kb/HT5016
  Severity: Important
• Oracle
  • Java (Upgrade to version 6 update 29)
    More info: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
    Severity: Critical