Duke ITSO Alerts

Microsoft released an out-of-band patch for Windows on November 18. The vulnerability fixed by MS14-068 allows any domain account to escalate privileges to any other account in the domain. Without this patch, all users are Domain Admins. Domain Controllers should be patched immediately.

 

Relevant TechNet articles:

https://technet.microsoft.com/library/security/MS14-068
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information...

A new phishing attack targeting the Duke community has been reported. If you've received a message similar to the one captured below, please be advised the message is fraudulent:

 

 

Clicking the link will redirect the recipient to a cloned version of Duke's sign in page as seen below:

 

 

We ask that anyone who has received the message, clicked the link, and provided NetID credentials please contact the OIT Service Desk at 919.684.2200.

Microsoft has released 16 updates (2 of which have not yet been released) addressing 32 vulnerabilities (17 for Internet Explorer). Five of these updates are rated Critical by SANS Internet Storm Center due to the potential for remote code execution and the probability of exploit code existing in the wild. The most critical issue is the one fixed by MS14-066: a vulnerability in Schannel allows an attacker to execute attack code against a Windows server (http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/).

 

  • Vulnerabilities in Windows OLE Could Allow Remote Code Execution (MS14-064)
  • Cumulative Security Update for Internet Explorer (MS14-065)
  • Vulnerability in Schannel Could Allow Remote Code Execution (MS14-066)
  • Vulnerability in XML Core Services Could Allow Remote Code Execution (MS14-067)
  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (MS14-069)
  • Vulnerability in TCP/IP Could Allow Elevation of Privilege (MS14-070)
  • Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (MS14-071)
  • Vulnerability in .NET Framework Could Allow Elevation of Privilege (MS14-072)
  • Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (MS14-073)
  • Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (MS14-074)
  • Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (MS14-076)
  • Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (MS14-077)
  • Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (MS14-078)
  • Vulnerability in Kernel Mode Driver Could Allow Denial of Service (MS14-079)

 

Note that MS14-068 and MS14-075 have not yet been released. 

 

The updates are now available via Microsoft and Windows Update.  We recommend that these patches be deployed as soon as possible.

 

Microsoft Advisories: https://technet.microsoft.com/library/security/ms14-nov

SANS ISC Analysis: https://isc.sans.edu/forums/diary/Microsoft+November+2014+Patch+Tuesday/18941

 

Adobe has released an update to address 18 vulnerabilities in Adobe Flash Player.  Limited exploitation of the application has been seen on the Internet.

 

Adobe Flash Player: http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

 

The ITSO advises users and administrators to update these applications quickly. The vulnerabilities in Adobe Flash do allow for remote code execution.

The IT Security Office is receiving reports of a phishing attack aimed at Duke users.  If you've received a message similar to the one below, please be advised that it is a phishing attack and should be discarded immediately. If you've received the message, clicked the link, and supplied credentials, please immediately contact the OIT Service Desk at 919.684.2200 for assistance.

 

 

 

ITSO has been notified of the following phishing attack:

 

 

Visiting that link will redirect you to the following non-Duke hosted form:

 

 

If you've received the message, clicked the link, and supplied credentials, please immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Yet another Blackboard-related phishing attack has been reported this afternoon.

Below is a screenshot of the message (target URL destination has been added):

 

The form hosted on that page is seen below:

 

As this is not a legitimate communication from Duke, we ask that everyone who has received this message, clicked the link, and supplied credentials immediately notify the OIT Service Desk at 919.684.2200 for assistance.

 

The IT Security Office is receiving reports of a phishing attack aimed at Duke users.  If you've received a message similar to the one below, please be advised that it is a phishing attack and should be discarded immediately.  Note that the link points to the anthroman.com domain, not to a duke.edu domain.

 


 


 

Adobe has released an update to address vulnerabilities in Adobe Flash Player.

 

Adobe Flash Player: https://helpx.adobe.com/security/products/flash-player/apsb14-22.html

 

The ITSO advises users and administrators to update these applications quickly. The vulnerabilities in Adobe Flash do allow for remote code execution.

Microsoft has released 8 updates addressing 24 vulnerabilities (14 for Internet Explorer). Five of these updates are rated Critical by SANS Internet Storm Center due to the potential for remote code execution and the probability of exploit code existing in the wild:

 

  • Cumulative Security Update for Internet Explorer (MS14-056)
  • Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)
  • Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)
  • Vulnerability in Windows OLE Could Allow Remote Code Execution (MS14-060)

 

The updates are now available via Microsoft and Windows Update.  We recommend that these patches be deployed as soon as possible.

 

Microsoft Security Bulletin Summary:  https://technet.microsoft.com/library/security/ms14-oct

SANS ISC Analysis:  https://isc.sans.org/forums/diary/Microsoft+October+2014+Patch+Tuesday/1...

 

 

 

 
