Posts under tag: vulnerability

May 16, 2017

WannaCry ransomware: Action required

Please update Windows computers by 5:00pm today (Tuesday, May 16). Restart your machine to have updates take effect.

Windows computers that are not up to date on Microsoft security update MS17-010 at that time will be temporarily disconnected from the UO network by the UO Information Security Office. 

Windows has a vulnerability

For specific information as to the worldwide impact of this vulnerability, check out The New York Times article on the WannaCry ransomware exploit.

The Microsoft Security blog also has more information for Windows consumers.

Action items for you

  • Deploy Microsoft Windows Updates immediately, and no later than 5:00pm today (Tuesday, May 16).
  • Restart your machine following the update process.

What we are doing

CASIT is working through a small list of specific, known vulnerable hosts, contacting those customers where possible and having them update their machines. If we don’t contact you, run updates and restart your machine, as this is the best way to ensure your machine or device is not vulnerable.

The Information Security Office continues notifying departmental IT staff of machines in their departments that are vulnerable to network propagation of this threat, and will notify them again today before 5:00pm. 

If you have any questions, please contact us by email: casit@uoregon.edu or by phone at x6-2388.

February 10, 2016

Mac OS X vulnerability to hijacking via third-party apps

ArsTechnica is reporting that Mac OS X Yosemite (10.10) and El Capitan (10.11) are vulnerable to man-in-the-middle (MITM) hijacking through Sparkle, a third-party software framework that certain third-party apps use to receive updates.

In a MITM attack like this one, the software is made vulnerable during the update process and malicious code can then be installed to take control of the computer.

A patch is available (at the time of this post), but applying it is up to each app’s developer. Sparkle’s documentation notes that, because of how the framework works, software that uses it can be vulnerable unless the developer makes a few modifications.

The vulnerability has been found so far in versions of Camtasia, uTorrent, and VLC Media Player.

For information on how the vulnerability was discovered (it is pretty advanced), check out this summary from Radoslaw Karpowicz, the man who found it.

For more information on this vulnerability (in more layman’s terms), check out ArsTechnica.com.

July 8, 2015

Adobe Flash exploit now has a patch

(As reported on ArsTechnica.com: July 8, 2015)
Adobe Systems has updated its Flash media player to patch a vulnerability that attackers started exploiting soon after attack code leaked from the devastating Hacking Team breach.

As Ars reported Tuesday morning, the previously unknown Flash vulnerability was part of some 400 gigabytes of data dumped on the Internet by unknown attackers who hacked Hacking Team over the weekend. By Tuesday afternoon, the critical flaw was being targeted in the wild by an array of malware titles, including the Angler and Nuclear exploit kits, as first reported by Malwarebytes (and later documented by the security researcher known as Kafeine). The exploit has also been folded in to the Metasploit hacking framework.

The vulnerability is cataloged as CVE-2015-5119 and is active in Flash versions 18.0.0.194 and earlier. According to security firm Rapid 7, it stems from a use-after-free bug that can be exploited while Flash is handling ByteArray objects. The update is available for Windows, Mac OS X, and Linux systems. Adobe has credited Google’s Project Zero and Morgan Marquis-Boire, director of security, First Look Media, for reporting the critical bug and working to protect Flash users.

For more from this article, check it out on ArsTechnica.com

For links to the Flash updaters for Windows and Mac OS X, click here.