Warning! Global WannaCry Ransomeware Attack – What You Can Do To Prevent Infection

As has been reported in the media, there currently is a global ransomware attack (called WannaCry or WannaCryptor) that has affected computers worldwide. UT Arlington is currently not affected and both IT and Security teams are actively working this weekend to minimize the impact of an attack.

What you should know:

  • This malware affects all unpatched Microsoft Windows versions (from Windows 98 through Windows 10. Microsoft released patches for this in March through normal windows update.
  • Macintosh and Linux operating systems are not affected at this time.
  • The malware is initially delivered as an attachment or a link to a compressed .zip file. Unsuspecting victims who open the file on an unpatched computer are infected and the malware begins to encrypt files on the computer.
  • In addition to encrypting files, the malware looks for other computers on the network to infect, spreading itself within a vulnerable organization.

What has UTA IT Security has done so far:

  • An initial patch for the vulnerability was released in March and was installed on OIT managed Windows computers in the ARDC and on campus. Additional patches were released over the weekend.
  • Our Intrusion Prevention System has been updated to prevent direct attacks from the internet.
  • Our email system has been configured to quarantine compressed .zip files (that are manually inspected and released by OIT).
  • OIT has implemented protections on the file server to protect against encrypted files being placed on it.
  • OIT has verified that backups are running on the file servers (K: and J: drives) in the event of infection.
  • OIT has made available CrashPlan to back up data on computers.

What you should do:

  • Do not click on suspicious links or attachments received in your personal or UTA email. To learn about Ransomware: http://www.uta.edu/security/ransomware/
  • If your UTA computer managed by OIT, and it has not been turned on in a while, turn it on and reboot it when prompted.
  • If you are running an old version of Windows that is no longer supported (such as Windows 98 through Windows 8, Windows Server 20018, 2013, etc), Microsoft has released a patch that is available: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
  • Make sure that your home computers operating system and antivirus is up-to-date.
  • Do not open shared documents (e.g. Box, Dropbox, google drive, etc.) that you are not expecting.

If your UTA computer becomes infected, disconnect it from the network immediately. Please send email to helpdesk@uta.edu to report the infection.

Multiple Vulnerabilities Released Today.

Several important vulnerabilities in Microsoft products, including Windows, Office, .NET, Internet Explorer, were released today along with patch information. They are:

  • Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)
  • Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)
  • Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-061)
  • Cumulative Security Update for Internet Explorer (MS14-056)
  • Vulnerability in OLE Could Allow Remote Code Execution (MS14-060)
  • Multiple vulnerabilities found in Adobe Flash Player and Adobe AIR could allow an attacker to execute code remotely. (APSB14-22)
  • Critical Oracle Patches (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html)

These Security Advisories will affect many users; student, staff and faculty; so it is important to update your instances of the software mentioned.

Microsoft Security Advisory

Microsoft has announced security advisory 2934088 for Internet Explorer 9 & 10 –

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

You should apply the Fix it solution provided by Microsoft as soon as possible to mitigate this vulnerability – http://support.microsoft.com/kb/2934088.  If your computer is a member of the UTA domain, you should receive the patch automatically via SCCM.

The Information Security Office will continue to monitor this threat and can be reached via email at security@uta.edu.

Macintosh OS X 10.9 (Mavericks) Update & SecureDoc

Apple has released the next version of OS X, 10.9 (Mavericks). If you have SecureDoc encryption software installed on a University owned Macintosh Computer, do not install this update until OIT announces support for it.  The SecureDoc software as well as other OIT supported application software have not been tested for compatibility with OS X 10.9 and is not currently supported.  WinMagic has not announced a release date for the compatible version SecureDoc encryption software. SecureDoc compatibility testing will begin immediately after WinMagic has released a version that supports OS X 10.9 and the campus will be notified when and how to proceed with the update.

For technical assistance contact the OIT Help Desk at 2-2208.

October 2013 Updates

Adobe

Acrobat/Reader

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows.  These updates address a regression that occurred in version 11.0.04 affecting Javascript security controls.

Microsoft

MS13-080: Cumulative Security Update for Internet Explorer (2879017) – Critical

MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) – Critical

MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) – Critical

MS13-083: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058) – Critical

MS13-084: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) – Important

MS13-085: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) – Important

MS13-086: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) – Important

MS13-087: Vulnerability in Silverlight Could Allow Information Disclosure (2890788) – Important