Duke ITSO Alerts

The ITSO has received multiple notifications this afternoon of a new phishing attack. A copy of the message is provided below:

[Image: screenshot of the phishing message]

As seen above, hovering over the "Click Here To Read" link shows that it points to a page hosted on a non-Duke site.

[Image: screenshot of the cloned Outlook Web Access login page]

The form above is a clone of an Outlook Web Access login page. Entering credentials into it will result in a compromised account. We ask that anyone who has seen this email, clicked the link, and entered their NetID/password please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

The ITSO has received notices of a malicious email that is being sent to multiple users in the Duke community. The email claims to be from Microsoft and refers to Volume Licensing. **Beware:** the URL in the email leads to a website that downloads a malicious file to your device, which could result in a compromised device.

If you received this email and clicked on the URL, we recommend you contact the OIT Service Desk or your local support group immediately to have your device scanned and cleaned.

Microsoft has released 8 updates addressing 8 vulnerabilities. One of these updates is rated Critical by SANS Internet Storm Center due to the potential for remote code execution (servers).

  • Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (MS15-001)
  • Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (MS15-002)
  • Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (MS15-003)
  • Vulnerability in Windows Components Could Allow Elevation of Privilege (MS15-004)
  • Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (MS15-005)
  • Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (MS15-006)
  • Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (MS15-007)
  • Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (MS15-008)

The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.

Microsoft Advisories: https://technet.microsoft.com/library/security/ms15-jan

SANS ISC Analysis: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2015+R...

Adobe has released an update to address 9 vulnerabilities in Flash Player.

Adobe Flash Player - http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

The ITSO advises users and administrators to update this application quickly. The vulnerabilities in Adobe Flash do allow for remote code execution.

A new phishing attack targeting the Duke community has been reported. Notice that the URL is not on the duke.edu domain. If you've received a message similar to the one captured below, please be advised that the message is an attempt to steal login credentials. If you received this email and submitted your login information, please contact the OIT Service Desk immediately for assistance in updating your information.

[Image: screenshot of the phishing message]

**Note** This phishing attempt includes a fully functional Captcha, which makes the form look even closer to a legitimate one.
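One way to automate the check these alerts describe (does the link really lead to a duke.edu host?) is shown below as an added example; it is not code from the ITSO or from the original page. The names TRUSTED_SUFFIXES, host_is_trusted, classify_link and suspicious_links are assumptions of this example, and the sample message with its hosts is constructed. Beyond the plain "not on duke.edu" test, it also catches the look-alike tricks of a hostname that merely begins with duke.edu and a URL whose userinfo part displays a trusted name while the real host is elsewhere.

```python
# Added example (not part of the Duke ITSO alert): a small link checker that
# applies the test the alert describes, whether a link in an email actually
# points under duke.edu, to every <a href> in an HTML message body.
# TRUSTED_SUFFIXES, suspicious_links and the sample email below are
# assumptions made for this example.
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain suffixes that count as "ours". Matching is done on label boundaries
# so that oit.duke.edu passes while duke.edu.example.org and notduke.edu fail.
TRUSTED_SUFFIXES = ("duke.edu",)


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True if host equals a trusted suffix or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor that has an href."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href is not None:
                self._href = href
                self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href, text):
    """Return the reasons a link looks like a phish (empty list if clean)."""
    parts = urlsplit(href.strip())
    host = parts.hostname  # lower-cased, with any userinfo and port removed
    reasons = []
    if parts.scheme not in ("http", "https"):
        reasons.append("non-web scheme %r" % parts.scheme)
    if not host_is_trusted(host):
        reasons.append("host %r is not under a trusted domain" % host)
    if parts.username is not None:
        # https://duke.edu@evil.example/ displays "duke.edu" but goes elsewhere
        reasons.append("URL carries userinfo %r that can disguise the real host" % parts.username)
    if text.lower().startswith(("http://", "https://", "www.")):
        # Visible text that looks like a URL must agree with the real destination
        shown = urlsplit(text if "://" in text else "http://" + text).hostname
        if shown and shown != host:
            reasons.append("link text shows %r but target host is %r" % (shown, host))
    return reasons


def suspicious_links(html):
    """Return [(href, text, reasons)] for every anchor that raises a reason."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = classify_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample message body modelled on the alerts above; every host
# other than oit.duke.edu is an invented placeholder (documentation ranges).
SAMPLE_EMAIL = """<html><body>
<p>Your mailbox has exceeded its quota.</p>
<a href="https://mail-duke-edu.example.net/owa/">Click Here To Read</a>
<a href="https://oit.duke.edu/help">OIT Service Desk</a>
<a href="http://duke.edu.example.org/login">https://oit.duke.edu/login</a>
<a href="https://duke.edu@198.51.100.7/owa">Sign in</a>
</body></html>"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print("%-45s %r" % (href, text))
        for reason in reasons:
            print("    - " + reason)
```

Running the file prints the three constructed links that fail the check and why; the oit.duke.edu link passes. Comparing URL-looking link text against the real host is the same mismatch that the "hover over the link" advice in the first alert exposes by hand.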

Adobe has released three updates to address vulnerabilities in Flash, Reader and Acrobat, and ColdFusion. Exploitation of Flash and Acrobat has been seen on the Internet.

Adobe Flash Player - http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

Adobe Reader and Acrobat - http://helpx.adobe.com/security/products/reader/apsb14-28.html

Adobe ColdFusion - http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html

The ITSO advises users and administrators to update these applications quickly. The vulnerabilities in Adobe Flash do allow for remote code execution.

Microsoft has released 7 updates addressing 25 vulnerabilities (14 for Internet Explorer). Five of these updates are rated Critical by SANS Internet Storm Center due to the potential for remote code execution (2 for servers and 5 for clients).

  • Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (MS14-075)
  • Cumulative Security Update for Internet Explorer (MS14-080)
  • Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (MS14-081)
  • Vulnerability in Microsoft Office Could Allow Remote Code Execution (MS14-082)
  • Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (MS14-083)
  • Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (MS14-084)
  • Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (MS14-085)

The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.

Microsoft Advisories: https://technet.microsoft.com/library/security/ms14-dec

SANS ISC Analysis: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+-+December+201...

Microsoft released an out-of-band patch for Windows on November 18. MS14-068 allows any domain account to escalate its privileges to those of any other account in the domain; without this patch, every domain user is effectively a Domain Admin. Domain Controllers should be patched immediately.

Relevant Technet articles:

https://technet.microsoft.com/library/security/MS14-068
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information...

A new phishing attack targeting the Duke community has been reported. If you've received a message similar to the one captured below, please be advised that the message is fraudulent:

[Image: screenshot of the phishing message]

Clicking the link redirects the recipient to a cloned version of Duke's sign-in page, as seen below:

[Image: screenshot of the cloned Duke sign-in page]

We ask that anyone who has received the message, clicked the link, and provided NetID credentials please contact the OIT Service Desk at 919.684.2200.

Microsoft has released 16 updates (2 of which have not yet been released) addressing 32 vulnerabilities (17 for Internet Explorer). Five of these updates are rated Critical by SANS Internet Storm Center due to the potential for remote code execution and the probability of exploit code existing in the wild. The most critical issue is the one fixed by MS14-066: a vulnerability in Schannel that allows an attacker to execute code on a Windows server (http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/).

  • Vulnerabilities in Windows OLE Could Allow Remote Code Execution (MS14-064)
  • Cumulative Security Update for Internet Explorer (MS14-065)
  • Vulnerability in Schannel Could Allow Remote Code Execution (MS14-066)
  • Vulnerability in XML Core Services Could Allow Remote Code Execution (MS14-067)
  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (MS14-069)
  • Vulnerability in TCP/IP Could Allow Elevation of Privilege (MS14-070)
  • Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (MS14-071)
  • Vulnerability in .NET Framework Could Allow Elevation of Privilege (MS14-072)
  • Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (MS14-073)
  • Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (MS14-074)
  • Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (MS14-076)
  • Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (MS14-077)
  • Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (MS14-078)
  • Vulnerability in Kernel Mode Driver Could Allow Denial of Service (MS14-079)

Note that MS14-068 and MS14-075 have not yet been released.

The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.

Microsoft Advisories: https://technet.microsoft.com/library/security/ms14-nov

SANS ISC Analysis: https://isc.sans.edu/forums/diary/Microsoft+November+2014+Patch+Tuesday/18941