Multiple Vulnerabilities Released Today.

Several important vulnerabilities in Microsoft products, including Windows, Office, .NET and Internet Explorer, were released today along with patch information. They are:

  • Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)
  • Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)
  • Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-061)
  • Cumulative Security Update for Internet Explorer (MS14-056)
  • Vulnerability in OLE Could Allow Remote Code Execution (MS14-060)
  • Multiple vulnerabilities found in Adobe Flash Player and Adobe AIR could allow an attacker to execute code remotely (APSB14-22)
  • Critical Oracle Patches (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html)

These security advisories will affect many users (students, staff and faculty), so it is important to update your installations of the software mentioned.

Microsoft Security Advisory

Microsoft has announced security advisory 2934088 for Internet Explorer 9 and 10:

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

You should apply the Fix it solution provided by Microsoft as soon as possible to mitigate this vulnerability – http://support.microsoft.com/kb/2934088.  If your computer is a member of the UTA domain, you should receive the patch automatically via SCCM.

The Information Security Office will continue to monitor this threat and can be reached via email at security@uta.edu.

Macintosh OS X 10.9 (Mavericks) Update & SecureDoc

Apple has released the next version of OS X, 10.9 (Mavericks). If you have SecureDoc encryption software installed on a University-owned Macintosh computer, do not install this update until OIT announces support for it. The SecureDoc software, as well as other OIT-supported application software, has not been tested for compatibility with OS X 10.9 and is not currently supported. WinMagic has not announced a release date for the compatible version of the SecureDoc encryption software. SecureDoc compatibility testing will begin immediately after WinMagic has released a version that supports OS X 10.9, and the campus will be notified when and how to proceed with the update.

For technical assistance contact the OIT Help Desk at 2-2208.

October 2013 Updates

Adobe

Acrobat/Reader

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows. These updates address a regression that occurred in version 11.0.04 affecting JavaScript security controls.

Microsoft

MS13-080: Cumulative Security Update for Internet Explorer (2879017) – Critical

MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) – Critical

MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) – Critical

MS13-083: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058) – Critical

MS13-084: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) – Important

MS13-085: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) – Important

MS13-086: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) – Important

MS13-087: Vulnerability in Silverlight Could Allow Information Disclosure (2890788) – Important

Mac OS X 10.8.5 Released

Mac users aren’t being left out of the patch cycle this month – Apple has just released update 10.8.5 and Security Update 2013-004. If you are using a UTA-issued Mac that is running WinMagic SecureDoc (full disk encryption), you should NOT perform any updates until compatibility has been tested by OIT and the ISO.

The updates address:

Apache

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

Bind

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

Certificate Trust Policy

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

ClamAV

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5

CoreGraphics

Available for: OS X Mountain Lion v10.8 to v10.8.4

ImageIO

Available for: OS X Mountain Lion v10.8 to v10.8.4

Installer

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

IPSec

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

Kernel

Available for: OS X Mountain Lion v10.8 to v10.8.4

Mobile Device Management

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

OpenSSL

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

PHP

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

PostgreSQL

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

Power Management

Available for: OS X Mountain Lion v10.8 to v10.8.4

QuickTime

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

Screen Lock

Available for: OS X Mountain Lion v10.8 to v10.8.4

sudo

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

If you’re a user of Microsoft Office on your Mac, you’ll also need to run updates for Office – more details are available at Microsoft’s Support Page.