OIT Information Security Office

The Official Web Log of the OIT Information Security Office. www.uta.edu/security


Super Tuesday Summary - August 2008

August 14th, 2008

The second Tuesday of the month has come and gone, and with that we have several patches to follow up on. Keep in mind that “Super Tuesday,” though initiated by Microsoft, has also become a popular day for other companies to release their scheduled patches. So regardless of your OS of choice, please check with your update service for any new items.

Microsoft released 11 patches

Six of the eleven patches are listed as Critical and should be applied immediately.

- MS08-041 - Critical (high) – Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution

- MS08-042 - Important (medium) – Vulnerability in Microsoft Word Could Allow Remote Code Execution

- MS08-043 - Critical (high) – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

- MS08-044 - Critical (high) – Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution

- MS08-045 - Critical (high) – Cumulative Security Update for Internet Explorer

- MS08-046 - Critical (high) – Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution

- MS08-047 - Important (medium) – Vulnerability in IPsec Policy Processing Could Allow Information Disclosure

- MS08-048 - Important (medium) – Security Update for Outlook Express and Windows Mail

- MS08-049 - Important (medium) – Vulnerabilities in Event System Could Allow Remote Code Execution

- MS08-050 - Important (medium) – Vulnerability in Windows Messenger Could Allow Information Disclosure

- MS08-051 - Critical (high) – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution

- Microsoft also released the usual updates and signatures for the Malicious Software Removal Tool, Outlook / Mail email junk filters, and Defender definitions.

For more information on MS patches see,

https://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx

https://blogs.technet.com/msrc/

https://blogs.technet.com/swi/

For the Mac users

Apple released Security Update 2008-005 for OS X 10.4.11 and 10.5.4  **

** NOTE - This set of patches fixes the DNS Vulnerability for Mac and should be installed immediately

Apple released iPhone 2.0 and iPod touch 2.0

Apple released Xcode tool 3.1 for OS X 10.5.x

Apple released Apple TV 2.1

For more information on Apple updates see,

https://support.apple.com/kb/HT1222

https://www.apple.com/support/security/guides/

For the Linux users

Solaris users, Update / Patch your Adobe Reader

Torrent users, There were several torrent products with multiple updates in the last month, check for patches.  (uTorrent, BitTorrent)

The popular distributions all released updates for their respective package repositories: Red Hat, Fedora, Ubuntu, Debian, Gentoo, Slackware, SUSE

As always, run your distro / package manager of choice on a regular basis.

Other Applications

Oracle had a 0-day announcement and has provided a workaround / patch.

Oracle WebLogic Server Apache Connector Buffer Overflow Vulnerability

Dan Kaminsky announced a significant bug in DNS.

Happy patching and we’ll see you next month.

**All UT Arlington Windows based assets should be registered with the OIT WSUS server and should receive critical MS patches automatically. If your device is not registered or not receiving patches please contact the OIT HelpDesk at 2-2208.

Tags: Patches

Super Tuesday Summary - July 2008

July 9th, 2008

The second Tuesday of the month has come and gone, and with that we have several patches to follow up on. Keep in mind that “Super Tuesday,” though initiated by Microsoft, has also become a popular day for other companies to release their scheduled patches. So regardless of your OS of choice, please check with your update service for any new items.

Microsoft released 4 patches

All four patches are listed as Important and should be applied promptly.

- MS08-037 - Important (medium) – Vulnerabilities in DNS Could Allow Spoofing

- MS08-038 - Important (medium) – Vulnerability in Windows Explorer Could Allow Remote Code Execution

- MS08-039 - Important (medium) – Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege

- MS08-040 - Important (medium) – Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege

- Microsoft also released the usual updates and signatures for the Malicious Software Removal Tool, Outlook / Mail email junk filters, and Defender definitions.

For more information on MS patches see, http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

http://blogs.technet.com/msrc/

http://blogs.technet.com/swi/

For the Mac users

Apple released Security Update 2008-004

Apple released Safari 3.1.2 for Windows and OS X 10.4

For more information on Apple updates see, http://docs.info.apple.com/article.html?artnum=61798

http://www.apple.com/support/security/guides/

For the Linux users

VIM released patches, ver 7.1.299

Popular distributions released a multitude of packaged patches: Red Hat, Fedora, Ubuntu, Debian, Gentoo, etc.

As always, run your distro / package manager of choice on a regular basis.

Other Applications

Adobe released Acrobat Reader 9.0

Ruby released patches for both the 1.8 and 1.9 series of the Ruby Programming language

Happy patching and we’ll see you next month.

**All UT Arlington Windows based assets should be registered with the OIT WSUS server and should receive critical MS patches automatically. If your device is not registered or not receiving patches please contact the OIT HelpDesk at 2-2208.

Tags: Patches

Spam the Modern Chimera

June 26th, 2008

Spam prompting promises of greatness and exactly what you were looking for yet delivering annoyance, anguish, and damage.

We have all seen it and some of us may have been duped by it. Apparently someone, or quite a few someones, are duped by it every day, though I’ve never met anyone who would admit to it. We laugh and we jeer at the bad grammar, we shudder and grow red in the face at the brazen expletives, we grow angry that it just won’t stop. But somewhere someone is ordering the latest wonder medication at 50% off, only to receive a box of sugar pills and have their identity stolen.

Plain and simple - If Spam was not effective, the spammers would stop sending it.

Fact - More than 80% of all email messages are spam.  **the reported percentage will vary based on who is generating the report.

SenderBase.org currently reports that only 12.5% of worldwide email is legitimate.

Fact - Spam filters can only stop what they know about.

As such, spam is highly dynamic and is constantly changing. Spammers are changing how they operate every day. Every change in spam sending requires a change in spam detection.

One of the latest tactics is the use of auto-responders (out of office messages) and server error messages to deliver spam.

What can you do to help limit the amount of spam that you receive?

- Do not post your email address on websites. If you have to post your email address publicly, write out the format like, bob at bob dot com. This will make it more difficult for automated spiders to harvest your email address and add it to a spam list.

- Be wary of email from names you do not recognize and do not use “unsubscribe” links from publications you have not signed up with.

- Use a “throwaway” email account for product and website registrations.

- Keep your personal and professional email separate.

What can you do when you receive spam?

Every email service today provides a means by which to report spam.  Web-based email services will typically have a button to report spam and block a sender.  Most corporations will have an email address to which you can forward a bad message.

Most email clients (Outlook, Thunderbird, Mail, etc.) will have “junk” mail folders with various configurable options. Look through the settings on your client and become familiar with its capabilities.

- If you are using your UTA MavMail and you use MS Outlook as your email client, you can install a tool bar and report spam directly to the manufacturer of our anti-spam filter. This is the preferred means of reporting spam, as it provides the manufacturer with the necessary data in the timeliest fashion so that they can more quickly update their detection capabilities.

The tool bar is available here.

- If you are using your UTA MavMail and receive a spam message, you can report the message to spam(at)uta(dot)edu. When reporting messages to this account DO NOT use the forward option. By simply selecting ‘Forward’, key header information is lost, thus limiting the usefulness of the report. Please forward the original message as an attachment. This is best accomplished by opening a new message and dragging and dropping the spam message directly from your inbox.

** This mailbox is monitored by hand and mileage may vary.

- Manage your Quarantine. If you are using your UTA MavMail you should have seen a message from the quarantine server by now. Log on to your quarantine occasionally to verify that no valid email is being tagged as spam. Or just log on to see how much spam has been blocked. In the event that valid email has been blocked, you can “release” that message from quarantine and report these to spam(at)uta(dot)edu or call the OIT HelpDesk.
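Why forwarding as an attachment matters for the report to spam(at)uta(dot)edu, shown as an added example that is not part of the original post: a plain forward quotes only a few display fields, while an attached original keeps the Received, Return-Path and Message-ID headers an analyst needs. The sample message, hosts and addresses are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed sample spam; every host, address and ID is a placeholder.
RAW_SPAM = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.edu with ESMTP id C1; Thu, 26 Jun 2008 10:00:00 -0500
Return-Path: <bounce@example.net>
Message-ID: <constructed-1@example.net>
From: "Pharmacy" <sales@example.net>
To: user@example.edu
Subject: 50% off
Date: Thu, 26 Jun 2008 09:59:58 -0500

Order now.
"""
TRACE = ("Received", "Return-Path", "Message-ID")

def load_sample():
    return message_from_string(RAW_SPAM, policy=policy.default)

def _envelope(reporter, abuse_box, subject):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = reporter, abuse_box, subject
    return msg

def inline_forward(original, reporter, abuse_box):
    """A plain 'Forward': new message that quotes a few display fields only."""
    fwd = _envelope(reporter, abuse_box, "FW: " + original["Subject"])
    quoted = "".join(f"{h}: {original[h]}\n" for h in ("From", "Date", "To", "Subject"))
    fwd.set_content("---- Forwarded message ----\n" + quoted + "\n" + original.get_content())
    return fwd

def forward_as_attachment(original, reporter, abuse_box):
    """Drag-and-drop style report: the original travels as a message/rfc822 part."""
    rpt = _envelope(reporter, abuse_box, "Spam report")
    rpt.set_content("Reporting the attached spam.")
    rpt.add_attachment(original)  # a Message object is attached as message/rfc822
    return rpt

def trace_headers_received(report):
    """Serialize, reparse as the recipient would, and collect the original's trace headers."""
    parsed = message_from_bytes(report.as_bytes(), policy=policy.default)
    found = {}
    for part in parsed.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)
            for name in TRACE:
                found[name] = [str(v) for v in inner.get_all(name, [])]
    return found
```
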

Unfortunately the spam problem will not be solved any time in the foreseeable future. Until that fabled day, Good Luck and Happy Filtering.

Tags: Awareness · Software · Tips

Super Tuesday Summary - June 2008

June 11th, 2008

The second Tuesday of the month has come and gone, and with that we have several patches to follow up on. Keep in mind that “Super Tuesday,” though initiated by Microsoft, has also become a popular day for other companies to release their scheduled patches. So regardless of your OS of choice, please check with your update service for any new items.

Microsoft released 7 patches

Three of the four patches are listed as Critical and should be applied immediately.

- MS08-030 - Critical (high) – Vulnerability in Bluetooth Stack Could Allow Remote Code Execution

- MS08-031 - Critical (high) – Cumulative Security Update for Internet Explorer

- MS08-032 - Moderate (low) – Cumulative Security Update of ActiveX Kill Bits

- MS08-033 - Critical (high) – Vulnerabilities in DirectX Could Allow Remote Code Execution

- MS08-034 - Important (medium) – Vulnerability in WINS Could Allow Elevation of Privilege

- MS08-035 - Important (medium) – Vulnerability in Active Directory Could Allow Denial of Service

- MS08-036 - Important (medium) – Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service

- Microsoft also released the usual updates and signatures for the Malicious Software Removal Tool, Outlook / Mail email junk filters, and Defender definitions.

For more information on MS patches see, http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx

http://blogs.technet.com/msrc/

http://blogs.technet.com/swi/

For the Mac users

Apple released Security Update 2008-003

Apple released QuickTime 7.5

Apple released Security Configuration Guide for OS X 10.5 Leopard

For more information on Apple updates see, http://docs.info.apple.com/article.html?artnum=61798

http://www.apple.com/support/security/guides/

For the Linux users

OpenSSL Updates.

Popular distributions released a multitude of packaged patches: Red Hat, Fedora, Ubuntu, Debian, Gentoo, etc.

As always, run your distro / package manager of choice on a regular basis.

Happy patching and we’ll see you next month.

**All UT Arlington Windows based assets should be registered with the OIT WSUS server and should receive critical MS patches automatically. If your device is not registered or not receiving patches please contact the OIT HelpDesk at 2-2208.

Tags: Patches

National Security Webcast Participation - Invitation

June 4th, 2008

The UT Arlington OIT Information Security Office has been made aware of a series of national webcasts related to security.  We would like to take this opportunity to announce our participation in these webcast events by reserving space on campus and inviting students, faculty, and staff of UT Arlington to attend these free events.

What:

The US Department of Homeland Security’s National Cyber Security Division and the Multi-State Information Sharing and Analysis Center National Webcast Initiative, www.msisac.org

Time:

Wednesday June 18th @ 1 pm Central (duration 1 hour)

Location:

Room 204 Architecture Bldg, (West side of campus, across Nedderman Dr. from the MAC)

Max Seating is 176, seats are first come first served.

Topic:

Security 101 for Your PC

This webcast will be designed to inform attendees about cyber security issues, and also provide practical, actionable information that organizations and end users can apply immediately to their own environment. Items of discussion include the following:

  • implementing the first steps in securing a computer
  • installing a firewall, anti-virus software and patch updates
  • recognizing the signs of a computer compromise or incident
  • understanding methods of protection, including encryption, use of strong passwords, and others
  • physically protecting computers and private information
  • taking steps to securely dispose storage media and equipment

Presenters:

Lance Spitzner from HoneyTech

and

Barbara Chung from Microsoft

Please take an hour to join us for this informational and free event.

Tags: Awareness · WebCasts

Super Tuesday Summary - May 2008

May 14th, 2008

The second Tuesday of the month has come and gone, and with that we have several patches to follow up on. Keep in mind that “Super Tuesday,” though initiated by Microsoft, has also become a popular day for other companies to release their scheduled patches. So regardless of your OS of choice, please check with your update service for any new items.

Microsoft released 4 patches

Three of the four patches are listed as Critical and should be applied immediately.

- MS08-026 – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

- MS08-027 – Vulnerability in Microsoft Publisher Could Allow Remote Code Execution

- MS08-028 – Vulnerabilities in Microsoft Jet Database Engine Could Allow Remote Code Execution

- MS08-029 – Vulnerabilities in the Microsoft Malware Protection Engine Could Allow Denial of Service

- Microsoft also released the usual updates and signatures for the Malicious Software Removal Tool, Outlook / Mail email junk filters, and Defender definitions.

For more information on MS patches see, http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx

http://blogs.technet.com/msrc/

http://blogs.technet.com/swi/

For the Mac users

Apple released patches and / or updates for Safari 3.1.1

For more information on Apple updates see, http://docs.info.apple.com/article.html?artnum=61798

For the Linux users

KDE has a vulnerability in the processing of .PNG files that can allow a buffer overflow.

Popular distributions released a multitude of packaged patches: Red Hat, Fedora, Ubuntu, Debian, Gentoo, etc.

As always, run your distro / package manager of choice on a regular basis.

Happy patching and we’ll see you next month.

**All UT Arlington Windows based assets should be registered with the OIT WSUS server and should receive critical MS patches automatically. If your device is not registered or not receiving patches please contact the OIT HelpDesk at 2-2208.

Tags: Patches