Duke ITSO Alerts
Microsoft has released 7 updates addressing 11 vulnerabilities. Two of these updates are rated Critical by Microsoft due to the potential for remote code execution:
Microsoft has released 7 updates addressing 13 vulnerabilities. Five of these updates are rated Critical by Microsoft due to the potential for remote code execution:
- Cumulative Security Update for Internet Explorer (MS12-077)
- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (MS12-078)
- Vulnerability in Microsoft Word Could Allow Remote Code Execution (MS12-079)
- Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (MS12-081)
- Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (MS12-080)
SANS has released their analysis of the patches, and of course the updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.
SANS ISC Diary: https://isc.sans.edu/diary.html?storyid=14683
Microsoft Security Bulletin Summary: http://technet.microsoft.com/en-us/security/bulletin/ms12-dec
This morning an attacker launched a phishing attack targeting Duke users. The message is entitled "Confidential - to ALL Employees" and requested the user to download and open a zipped file called "Employment 2013.zip."
If you download and open the file, it will attempt to install malware on your machine. Please DO NOT open this file.
If you downloaded and opened the file, please contact the OIT Service Desk or the Duke IT Security Office IMMEDIATELY.
OIT Service Desk:
(919) 684-2200
Duke IT Security Office:
The message looks like the following:

A very interesting article, "QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks":
http://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab12022.pdf
This morning an attacker launched a phishing attack targeting Duke email users. The message is entitled "Duke University New Outlook Web App (OWA)" and requested the user to click on a link called "Outlook Web App (OWA)" to access their mail account.
If you click on the link, you are taken to a non-Duke site and asked for your Duke netID and password. The site looks very similar to Duke's Outlook Web Access site, but it is a fraud, as indicated by the website's address: "http://exchange -duke.yzi.me/."
If you submitted your credentials to this form, please contact the OIT Service Desk or the Duke IT Security Office immediately.
OIT Service Desk:
(919) 684-2200
Duke IT Security Office:
The message looks like the following:

Microsoft has released 6 updates addressing 19 vulnerabilities. Four of these updates are rated Critical by Microsoft due to the potential for remote code execution:
- Cumulative Security Update for Internet Explorer (MS12-071)
- Vulnerabilities in Windows Shell Could Allow Remote Code Execution (MS12-072)
- Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS12-073)
- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (MS12-074)
SANS has released their analysis of the patches, and of course the updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.
SANS ISC Diary: https://isc.sans.edu/diary.html?storyid=14503
Microsoft Security Bulletin Summary: http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
Over the weekend of November 10-11, a phishing scam was launched against many duke.edu email addresses. The message was entitled "Read This" and requested the user to "Click Here" to update their mail account.
If you click on the link, you are taken to a non-Duke site and asked for your Duke netID and password. The site looks very similar to Duke's WebMail site, but it is a fraud, as indicated by the website's address: "nawao.5gbfree.com."
If you submitted your credentials to this form, please contact the OIT Service Desk or the Duke IT Security Office immediately.
OIT Service Desk:
(919) 684-2200
Duke IT Security Office:
The message looks like the following:

The fraudulent site looks like the following:

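The address check that both the OWA and WebMail notices above rely on, written out as an added example (not part of the original alerts): it extracts the host a link really points to and compares it with a trusted domain. The trusted-domain set, the function names and every sample URL other than the two fraudulent addresses quoted in the notices are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only duke.edu and its subdomains are treated
# as legitimate login hosts.
TRUSTED_DOMAINS = {"duke.edu"}


def link_host(url: str) -> str:
    """Return the lowercase hostname a browser would actually connect to."""
    url = "".join(url.split())          # drop whitespace from wrapping or defanging
    if "://" not in url:
        url = "http://" + url           # bare hosts such as "nawao.5gbfree.com"
    try:
        host = urlsplit(url).hostname or ""   # strips any "user@" prefix and port
    except ValueError:                  # malformed netloc
        return ""
    return host.rstrip(".").lower()


def is_trusted(url: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(url: str) -> str:
    """Classify a link as trusted, lookalike, untrusted or unparseable."""
    host = link_host(url)
    if not host:
        return "unparseable"
    if is_trusted(url):
        return "trusted"
    # The institution's name inside a foreign host is the look-alike pattern
    # seen in the OWA notice.
    return "lookalike" if "duke" in host else "untrusted"


# The first two addresses are quoted from the notices; the rest are constructed.
SAMPLES = [
    "http://exchange -duke.yzi.me/.",
    "nawao.5gbfree.com",
    "https://mail.duke.edu/owa",
    "https://duke.edu.login.example.com/",
    "https://duke.edu@login.example.net/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage(sample):11} {link_host(sample)}")
```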
Adobe has posted a notification that a remote code execution vulnerability exists in Flash (for Windows, OS X, Linux, and Android).
For full details, including installation instructions, visit:
http://www.adobe.com/support/security/bulletins/apsb12-22.html
Microsoft has released 7 updates addressing 21 vulnerabilities. One of these updates is rated Critical by Microsoft due to the potential for remote code execution:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (MS12-064)
This security update resolves two privately reported vulnerabilities in Microsoft Office. The more severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SANS has released their analysis of the patches, and of course the updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.
SANS ISC Diary: https://isc.sans.edu/diary.html?storyid=14272
Microsoft Security Bulletin Summary: http://technet.microsoft.com/en-us/security/bulletin/ms12-sep
Over the weekend of September 22-23, a phishing scam campaign was launched against many duke.edu email addresses. This campaign revolved around a link to a Google Docs form where users were asked to submit their Duke NetID credentials for the latest news and updates. The email message was signed using the name "Richard H. Broadhead" and the Google Docs form used a Duke University banner image at the top of the site, in an attempt to appear legitimate.
If you submitted your credentials to this form, please contact the OIT Service Desk or the Duke IT Security Office immediately.
OIT Service Desk:
(919) 684-2200
Duke IT Security Office:
