|
This page will be updated periodically with information on current
threats affecting campus computing facilities.
You may sign up to receive e-mail announcements of significant
vulnerabilities that may have an impact on the university community by
joining the Vulnerability Notification Program Listserv. In order
to subscribe, send a message to listserv@listserv.umd.edu.
The body of the message should simply state: subscribe umd-vnp.
For more information on using listserv lists, please contact the OIT Help Desk.
Recent Alerts
6/11/2008
– Seven critical
updates have been released by Microsoft.
See: http://www.microsoft.com/protect/computer/updates/bulletins/200806.mspx
for more information.
5/16/2008
– Flaw in OpenSSL on
Debian and Ubuntu Linux can lead to compromise via unexpectedly weak
encryption keys and exploitation programs available on the Internet. See: http://www.kb.cert.org/vuls/id/925211
for more information.
5/15/2008 – Microsoft
has announced their critical updates for May 2008. See: http://www.microsoft.com/protect/computer/updates/bulletins/200805.mspx
for more information
4/29/2008 – WordPress blog administrators should
upgrade to version 2.5.1
to resolve a vulnerability that could lead to system compromise. See http://secunia.com/advisories/29965
for more information.
4/25/2008 – Version
1.5 of Guidelines in Response to
the State IT Security Policy has been released by the University
System of Maryland. USM is required by law to institute IT
policies that are functionally compatible with those imposed upon other
state agencies by the CIO of the State of Maryland. You can obtain a copy of the new guidelines
at: http://security.umd.edu/documents/usm_guidelines.pdf
4/9/2008 – Microsoft
has announced their critical updates for April 2008. Vulnerabilities this month affect
Microsoft Windows, Microsoft Office, and Internet Explorer. For more information, see: http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx
4/3/2008 – We
continue to see messages to campus users in which they are requests to
respond with sensitive information including their password. Never respond to such
messages. If you have any doubts,
please contact the OIT Help Desk.
3/28/2008 - The Mozilla Project has announced a security update
for Firefox and Thunderbird in order to address vulnerabilities that
could allow an attacker to compromise a system by convincing a user to
view a specially crafted HTML document. These vulnerabilities are
corrected in version 2.0.0.13 of both Firefox and Thunderbird. For
more information, see: http://www.mozilla.org/security/announce
3/11/2008 – Microsoft
has announced their critical updates for March 2008. This month’s vulnerabilities are
associated with components of Microsoft Office and Microsoft Office Web
Components. For more information,
see: http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
3/5/2008 – Another
round of bogus e-mail messages from Umd.edu
Support Team have been sent to some campus e-mail addresses. These messages ask recipients to
respond with their university password.
This is obviously not from OIT and OIT will never ask users to transmit their passwords or other
sensitive information via e-mail.
2/25/2008 -
VMWare virtualization software has been discovered to have serious
vulnerabilities, and users should look to taking some recommended steps
to protect themselves. The issue is discussed here by the vendor:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
|
