IT Security & Policy Announcements

Microsoft Updates for June 2013

Tue, 11 Jun 2013 13:20:27 CDT

Microsoft released their patch Tuesday Security Bulletins today. The notification lists 5 bulletins in total: 1 rated critical, 4 rated important. The bulletins address vulnerabilities in the following products:

Microsoft Windows
Microsoft Office
Internet Explorer

If exploited, the vulnerabilities could allow for remote code execution, information disclosure, elevation of privileges, and denial of service.

Some of the updates require systems to restart. Windows users should remember to save their work and close all of their programs before leaving for the day.

Microsoft Security Bulletin Advance Notification for May 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun

Microsoft Updates for May 2013

Tue, 14 May 2013 13:20:27 CDT

Microsoft released their patch Tuesday Security Bulletins today. The notification lists 10 bulletins in total: 2 rated critical, 8 rated important. The bulletins address vulnerabilities in the following products:

Microsoft Windows
Microsoft Office
Microsoft .NET Framework
Microsoft Lync
Microsoft Windows Essentials
Internet Explorer

If exploited, the vulnerabilities could allow for remote code execution, spoofing, information disclosure, elevation of privileges, and denial of service.

Of particular note, the MS13-038 bulletin addresses a publicly known vulnerability affecting Internet Explorer 8. There are reports of public exploitation and attack against this vulnerability. Upgrading to Internet Explorer 9 or 10 where possible is highly recommended.

Some of the updates require systems to restart. Windows users should remember to save their work and close all of their programs before leaving for the day.

Microsoft Security Bulletin Advance Notification for May 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-may

Microsoft Updates for April 2013

Tue, 09 Apr 2013 13:20:27 CDT

Microsoft released their patch Tuesday Security Bulletins today. The notification lists 9 bulletins in total: 2 rated critical, 7 rated important. The bulletins address vulnerabilities in the following products:

Microsoft Windows
Microsoft Office
Microsoft Server Software
Microsoft Security Software
Internet Explorer

If exploited, the vulnerabilities could allow for remote code execution, information disclosure, elevation of privileges, and denial of service.

Some of the updates require systems to restart. Windows users should remember to save their work and close all of their programs before leaving for the day.

Microsoft Security Bulletin Advance Notification for April 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr

Microsoft Updates for March 2013

Tue, 12 Mar 2013 13:20:27 CDT

Microsoft released their patch Tuesday Security Bulletins today. The notification lists 7 bulletins in total: 4 rated critical, 3 rated important. The bulletins address vulnerabilities in the following products:

Microsoft Windows
Microsoft Office
Microsoft Server Software
Internet Explorer
Silverlight

If exploited, the vulnerabilities could allow for remote code execution, information disclosure, and elevation of privileges.

Some of the updates require systems to restart. Windows users should remember to save their work and close all of their programs before leaving for the day.

Microsoft Security Bulletin Advance Notification for March 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar

Microsoft Updates for February 2013

Mon, 11 Feb 2013 13:20:27 CST

Microsoft will be releasing their patch Tuesday Security Bulletins tomorrow. The notification lists 12 bulletins in total: 5 rated critical, 7 rated important. The bulletins affect Microsoft Windows, Internet Explorer, Server Software, Office, and the .NET Framework.

57 unique vulnerabilities will be addressed in total. If exploited, the vulnerabilities could allow for remote code execution, denial of service, and elevation of privileges.

As the university has a holiday scheduled for Tuesday, Windows users should remember to save and close all of their work Monday evening before they leave for the day in case the updates will require a reboot.

Microsoft Security Bulletin Advance Notification for February 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb

See also:
http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-service-for-the-february-2013-security-bulletin-release.aspx

Microsoft and Adobe Updates for January 2013

Tue, 08 Jan 2013 13:08:58 CST

Microsoft is releasing seven bulletins (two ‘critical’, five ‘important’) to address a total of 11 vulnerabilities. The critical bulletins address 3 of the vulnerabilities in the Windows Print Spooler and Microsoft XML Core Services. The latter of the two vulnerabilities can be potentially exploited via Internet Explorer. The remaining 8 vulnerabilities address issues in Microsoft Windows, Server Software, and .NET Framework.

Remember to close all applications at the end of work day today because several updates require a reboot to complete installation.

More information on the Microsoft bulletins – http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

Adobe released critical updates for Flash Player and Acrobat/Reader software addressing a total of 27 vulnerabilities across all supported platforms and operating systems. The vulnerabilities could allow for remote code execution. If your products are not configured for automatic updating, please ensure you update to the latest versions as soon as possible.

For more information on the Adobe bulletins, see the following:
http://www.adobe.com/go/apsb13-01
http://www.adobe.com/go/apsb13-01

Seven Steps to a Secure Computer

Fri, 14 Dec 2012 15:20:15 CST

While handheld devices such as smartphones and tablets provide new ways for us to leverage technology, computers are often still the primary tool we use for our professional and personal lives. As a result, your computer, whether at work or at home, still remains a primary target for cyber criminals. By following the seven simple steps outlined in this newsletter, you can help secure your computer and protect it against most known attacks.

OUCH! Newsletter for December 2012: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201212_en.pdf

The OUCH! newsletter is a monthly security awareness publication by the SANS Securing the Human program.

Microsoft Updates for December 2012

Tue, 11 Dec 2012 15:24:52 CST

Microsoft is releasing seven bulletins (five ‘critical’, two ‘important’) to address a total of 12 vulnerabilities. The critical bulletins address 10 of the vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server Software. The important bulletins address the remaining two vulnerabilities in Windows.

Remember to close all applications at the end of work day today because several updates require a reboot to complete installation.

More information on the Microsoft bulletins – http://technet.microsoft.com/en-us/security/bulletin/ms12-dec

Two-Factor Authentication

Wed, 14 Nov 2012 12:30:00 CST

To use many of the services on the Internet today, such as email, online banking or online shopping, you must first prove you are who you say you are. This process of proving your identity is known as authentication. Authentication is done by using something you know (such as your password), something you have (such as your smartphone), or something unique to you (such as a retinal scan or fingerprint). Traditionally, one of the most common ways of authenticating has been a username and a password. The problem with using just a password for authentication is simple: all an attacker needs to do is guess or compromise your password and they gain instant access to your online account and information. If you use the same username and password for multiple accounts, the harm can be even far greater. To better protect your online accounts, websites are moving to stronger authentication methods that require the use of more than one factor to authenticate. We will explain what this is, how it works and why you should use it.

OUCH! Newsletter for November 2012: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201211_en.pdf

The OUCH! newsletter is a monthly security awareness publication by the SANS Securing the Human program.

Microsoft Updates for November 2012

Tue, 13 Nov 2012 12:00:00 CST

Microsoft is releasing six bulletins to fix 19 vulnerabilities. The four Critical-rated updates will address 13 vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework. One bulletin rated Important will address four vulnerabilities in Microsoft Office and finally, one Moderate update will address two issues in Microsoft Windows. LSU computers will download and install the updates as scheduled by either its group policy or local security center settings.

Remember to close all applications at the end of work day today because several updates require a reboot to complete installation.

More information on the Microsoft bulletins – http://technet.microsoft.com/en-us/security/bulletin/ms12-nov