Microsoft has released a security package to correct a critical vulnerability in Windows, and UAB IT is urging campus technical professionals and users to apply the patch immediately.

Microsoft released security bulletin MS14-066 “Vulnerability in Schannel Could Allow Remote Code Execution (2992611),” for November’s Patch Tuesday.

MS14-066 is a critical vulnerability in the Microsoft Secure Channel (Schannel) security package that allows specially crafted packets to compromise the machine. This affects all Windows servers and clients. Microsoft indicates that there are no workarounds or mitigations.

Please run the Windows update as soon as possible for all your Windows machines, servers and clients.

What is Schannel?

Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption. Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.


For more information:

https://technet.microsoft.com/library/security/MS14-066

https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941

https://isc.sans.edu/forums/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066+/18947

http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/

Hoping to reduce threats to computer security, the chief information security officers for the University of Alabama, UAB, UAB Medicine and UAHuntsville are launching a new monthly IT Risk Bulletin.

The inaugural issue offers tips on creating stronger passwords. 

The newsletters will be published by the chief information security officers for UA, UAB, UAB Medicine and UAHuntsville, working in conjuction with the UA System Office of Risk Management and the director of IT Audit. The monthly newsletters are designed to help each campus' users to avoid IT errors.

An archive of the IT Risk Bulletin is available here.
tech talkUAB IT's “Tech Talk”  series continues in June with Adobe. On June 27th,  Adobe will be on site to discuss the new Creative Cloud enterprise agreement and what all is included.  This will be a great opportunity to ask questions of Adobe and learn all of the features/functions available with UAB's Creative Cloud agreement.  Please plan to attend, and feel free to pass the invitation along to others on campus that you feel may benefit...the session is open to all faculty and staff and no registration is required.  Friday June 27th, 2pm-4pm at the Center for Teaching and Learning (2nd floor of the Education Bldg; CTL entrance across courtyard from Sterne Library).
After 10 years as a student and 25 years working at UAB, Doug Rigney, Ph.D., interim vice president of Information Technology, has announced his retirement, effective May 31.  See the full article on Dr. Rigney here.
Page 1 of 4