OIT Information Security Office

May 2013
M	T	W	T	F	S	S
« Mar
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Super Tuesday Summary – July 2010

July 14th, 2010 · Patches

The second Tuesday of the month has come and gone and with that we have a several patches with which to follow-up. Keep in mind “Super Tuesday” though initiated by Microsoft has also become a popular day for other companies to release their scheduled patches as well. So regardless of your OS of choice please check with your update service for any new items.

Microsoft Users

Microsoft released four (4) patches this month.

Three (3) of the patches are listed as critical and should be applied immediately.

MS10-042 – Critical (high) – Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593)
MS10-043 – Critical (high) – Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
MS10-044 – Critical (high) – Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
MS10-045 – Important (medium) – Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

Microsoft also released the usual updates and signatures for the
- Anti-Malware definitions for FCS and SE
- Malicious Software Removal Tool
- Outlook / Mail email junk filters

For more information on MS patches see,

https://www.microsoft.com/technet/security/Bulletin/MS10-jul.mspx
https://blogs.technet.com/msrc/
https://blogs.technet.com/swi/

Macintosh and Apple Software users

Apple released
OS X 10.6.4iOS 4 – ISO Recommended Critical
Security Update 2010-004 (for OSX 10.5.8) – ISO Recommended Critical
iOS 4 (for iphone and ipod touch) – ISO Recommended Critical
iTunes 9.2 – ISO Recommended Critical
Safari 5.0 – ISO Recommended Critical
Java for Mac update 2 (for OSX 10.6) – ISO Recommended Critical
Java for Mac update 7 (for OSX 10.5) – ISO Recommended Critical

For more information on Apple updates see, https://support.apple.com/kb/HT1222
https://www.apple.com/support/security/guides/

Linux users

The popular distributions all released updates for their respective package repositories
Redhat, Fedora, Ubuntu, Debian, Gentoo, Slackware, Suse, etc.

As always, run your distro / package manager of choice on a regular basis.

Browser Security

More and more of the exploits are targeting web browsers. Regardless of what operating system you are running the web browser is the biggest open door into your system.
All the major browsers released updated and patched versions this month. Take a moment to verify that your browser is up to date.

Current browser versions:

IE – IE8 (8.0.6001.18702)

Firefox – 3.6.6 **new version

Safari – 5 (7533.16) **new version

Opera -10.60 (build 3445) **new version

Google Chrome – 5.0.375.99 **new version

Other Applications

Oracle released 59 critical patches.

Adobe released
APSB10-14 Security updates available for Adobe Flash Player
APSB10-15 Security updates available for Adobe Reader and Adobe Acrobat

Adobe Reader 9.3.3 ISO Recommended Critical

Adobe Acrobat 9.3.3 ISO Recommended Critical

Adobe Flash Player 10.1.53.64 ISO Recommended Critical

- – -

Happy patching and we’ll see you next month.

**All UT Arlington Windows based assets should be registered with the UTA domain and should receive critical MS patches automatically via SCCM. If your device is not registered or not receiving patches please contact the OIT HelpDesk at 2-2208.

→ No CommentsTags:

Super Tuesday Summary – April 2010

April 14th, 2010 · Patches

Microsoft Users

Microsoft released eleven (11) patches this month.

Five (5) of the patches are listed as critical and should be applied immediately.

MS10-019 – Critical (high) – Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
MS10-020 – Critical (high) – Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
MS10-021 – Important (medium) – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
MS10-022 – Important (medium) – Vulnerability in VBScript Could Allow Remote Code Execution (981169)
MS10-023 – Important (medium) – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
MS10-024 – Important (medium) – Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
MS10-025 – Critical (high) – Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
MS10-026 – Critical (high) – Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
MS10-027 – Critical (high) – Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
MS10-028 – Important (medium) – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
MS10-029 – Moderate (low) – Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)

Microsoft also released the usual updates and signatures for the
- Anti-Malware definitions for FCS and SE
- Malicious Software Removal Tool
- Outlook / Mail email junk filters

For more information on MS patches see,

https://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx
https://blogs.technet.com/msrc/
https://blogs.technet.com/swi/

Macintosh and Apple Software users

Apple released OSX 10.6.3 – ISO Recommended Critical
Apple released QuickTime 7.6.6 – ISO Recommended Critical
Apple released iTunes 9.1 – ISO Recommended Critical
Apple released AirPort Base Station 2010-001 – ISO Recommended Critical

For more information on Apple updates see, https://support.apple.com/kb/HT1222
https://www.apple.com/support/security/guides/

Linux users

The popular distributions all released updates for their respective package repositories
Redhat, Fedora, Ubuntu, Debian, Gentoo, Slackware, Suse, etc.

As always, run your distro / package manager of choice on a regular basis.

Browser Security

Current browser versions:

IE – IE8 (8.0.6001.18702)

Firefox – 3.6.3 **new version

Safari – 4.0.5 (531.22.7)

Opera -10.51 (build 3315) **new version

Google Chrome – 4.1.249.1045 **new version

Other Applications

Oracle released 47 critical patches.

Adobe released APSB10-09 Security updates available for Adobe Reader and Acrobat.
Adobe Reader 9.3.2 ISO Recommended Critical
Adobe Acrobat 9.3.2 ISO Recommended Critical

Happy patching and we’ll see you next month.

→ No CommentsTags:

Super Tuesday Summary – March 2010

March 22nd, 2010 · Patches

Microsoft Users

Microsoft released two (2) patches this month.

Both of the patches are listed as Important and should be applied.

- MS10-016 – Important (medium) – Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- MS10-017 – Important (medium) – Vulnerabilities in Microsoft Office

Microsoft also released the usual updates and signatures for the
- Anti-Malware definitions for FCS and SE
- Malicious Software Removal Tool
- Outlook / Mail email junk filters

For more information on MS patches see,

https://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx
https://blogs.technet.com/msrc/
https://blogs.technet.com/swi/

Macintosh and Apple Software users

Apple released Safari 4.0.5 – ISO Recommended Critical

For more information on Apple updates see, https://support.apple.com/kb/HT1222
https://www.apple.com/support/security/guides/

Linux users

The popular distributions all released updates for their respective package repositories
Redhat, Fedora, Ubuntu, Debian, Gentoo, Slackware, Suse, etc.

As always, run your distro / package manager of choice on a regular basis.

Browser Security

Current browser versions:

IE – IE8 (8.0.6001.18702)

Firefox – 3.6

Safari – 4.0.5 (531.22.7) **new version

Opera -10.10 (build 1893)

Google Chrome – 4.1.249.1036 **new version

Other Applications

No other major updates caught our attention this month.

Happy patching and we’ll see you next month.

→ No CommentsTags:

Spam on Campus – IT Service

March 8th, 2010 · Spam

Today we were made aware that some offices on campus are receiving a spam message claiming to be be part of WEBCTSERVICE.

This is a phishing attempt and should be deleted.

SAMPLE MESSAGE

——————————————————————————————–

From: R.N. [mailto:mayo.edu]
Sent: Friday, March 05, 2010 10:42 AM
Subject: IT Service

IT Service,
You have exceeded the limit of your mailbox set by your WEBCTSERVICE/Administrator, and you will be having problems in sending and recieving mails Until You Re-Validate. To prevent this, please click on the link below to reset your account.
CLICKHERE:<link removed>
Regards,
IT Service
System Administrator

→ No CommentsTags:

Super Tuesday Summary – February 2010

February 23rd, 2010 · Patches

Microsoft Users

Microsoft released thirteen (13) patches this month.

Five (5) of the patches are listed as Critical and should be applied immediately.

- MS10-003 – Important (medium) – Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- MS10-004 – Important (medium) – Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- MS10-005 – Important (medium) – Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
- MS10-006 – Critical (high) – Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- MS10-007 – Critical (high) – Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- MS10-008 – Critical (high) – Cumulative Security Update of ActiveX Kill Bits (978262)
- MS10-009 – Critical (high) – Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- MS10-010 – Important (medium) – Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- MS10-011 – Important (medium) – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- MS10-012 – Important (medium) – Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- MS10-013 – Critical (high) – Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- MS10-014 – Important (medium) – Vulnerability in Kerberos Could Allow Denial of Service (977290)
- MS10-015 – Moderate (low) – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

Microsoft also released the usual updates and signatures for the
- Anti-Malware definitions for FCS and SE
- Malicious Software Removal Tool
- Outlook / Mail email junk filters

For more information on MS patches see,

https://www.microsoft.com/technet/security/Bulletin/MS10-feb.mspx
https://blogs.technet.com/msrc/
https://blogs.technet.com/swi/

Macintosh and Apple Software users

Apple released iPhone OS 3.1.3 for iPhone and iPod touch – ISO Recommended Critical

For more information on Apple updates see, https://support.apple.com/kb/HT1222
https://www.apple.com/support/security/guides/

Linux users

The popular distributions all released updates for their respective package repositories
Redhat, Fedora, Ubuntu, Debian, Gentoo, Slackware, Suse, etc.

As always, run your distro / package manager of choice on a regular basis.

Browser Security

Current browser versions:

IE – IE8 (8.0.6001.18702)

Firefox – 3.6

Safari – 4.0.4 (531.21.10)

Opera -10.10 (build 1893)

Google Chrome – 4.0.249.89 **new version

Other Applications

No other major updates caught our attention this month.

Happy patching and we’ll see you next month.

→ No CommentsTags:

Super Tuesday Summary – January 2010

February 2nd, 2010 · Patches

Microsoft Users

Microsoft released two (2) patches this month. One on Tuesday January 12th, and later one out of band patch on January 21st.

Both of the patches are listed as Critical and should be applied immediately.

- MS10-001 – Critical (high) – Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
- MS10-002 – Critical (high) – Cumulative Security Update for Internet Explorer (978207)

Microsoft also released the usual updates and signatures for the
- Anti-Malware definitions for FCS and SE
- Malicious Software Removal Tool
- Outlook / Mail email junk filters

For more information on MS patches see,

https://www.microsoft.com/technet/security/Bulletin/MS10-jan.mspx
https://blogs.technet.com/msrc/
https://blogs.technet.com/swi/

Macintosh and Apple Software users

Apple released Security Update 2010-001for Mac OS X 10.5.8 and Mac OS X 10.6.2 – ISO Recommended Critical

For more information on Apple updates see, https://support.apple.com/kb/HT1222
https://www.apple.com/support/security/guides/

Linux users

The popular distributions all released updates for their respective package repositories
Redhat, Fedora, Ubuntu, Debian, Gentoo, Slackware, Suse, etc.

As always, run your distro / package manager of choice on a regular basis.

Browser Security

Current browser versions:

IE – IE8 (8.0.6001.18702)

Firefox – 3.6 **new version

Safari – 4.0.4 (531.21.10)

Opera -10.10 (build 1893)

Google Chrome – 4.0.249.78 **new version

Other Applications

No other major updates caught our attention this month.

Happy patching and we’ll see you next month.

→ No CommentsTags:

The Official Web Log of the OIT Information Security Office. www.uta.edu/security

Pages

Archives

Categories

Blogroll

MSRC

Super Tuesday Summary – July 2010

July 14th, 2010 · Patches

Super Tuesday Summary – April 2010

April 14th, 2010 · Patches

Super Tuesday Summary – March 2010

March 22nd, 2010 · Patches

Spam on Campus – IT Service

March 8th, 2010 · Spam

Super Tuesday Summary – February 2010

February 23rd, 2010 · Patches

Super Tuesday Summary – January 2010

February 2nd, 2010 · Patches

Search It!

Recent Entries

Blogroll