UAB IT Provides Critical Guidance to Campus on Appropriate Versions of Internet Explorer, Mac OS, and Java to Mitigate Risks of Exploitation; updates Java recommendation to 1.7.0_55

A significant security vulnerability was discovered in the Internet Explorer web browser over the weekend of April 26th and is being shared in mass media.  This vulnerability could allow an attacker to compromise a Windows based computer should the end-user visit a website with appropriate content.

On May 1st, Microsoft released a fix to the IE vulnerability. Users should install this fix immediately.  UAB IT will begin pushing this update Thursday afternoon May 1st.  If IE is open, you will be required to perform a system reboot in order for the fix to take effect. If IE is closed, no reboot should be necessary.  Once the fix has been applied to your system (and IE is open) you will have 24 hours to perform a reboot or your system will automatically reboot.  

UAB IT continues to recommend that end-users use a two web browser methodology to limit the risks to the campus.

1.       Use an up-to-date version of Internet Explorer for conducting UAB business on university supported web sites.

2.       Use a second web browser (such as Mozilla Firefox or Google Chrome) with the Java plug-in disabled for any general web surfing and accessing off-campus resources.

Windows Systems:

• On Windows 7 Install IE 10 and Java 1.7.0_55

UAB IT has updated the minimum recommendations for versions of Internet Explorer and Java as UAB systems have improved functionality to support newer browsers and the currently secure version of Java. Internet Explorer 10 and Java 1.7.0_55 are recommended for installation on Windows 7/8. UAB IT also recommends using a separate browser with JAVA disabled for Internet use.  Use IE for on campus with Java enabled and your choice of Firefox or Chrome for Internet browsing with JAVA disabled (for information on disabling Java click here).

Mac Systems:

• Install OSX 10.9 and Java 1.7.0_55

UAB IT has updated the minimum recommendations for versions of Mac Operating systems and Java as UAB systems have improved functionality that are compatible with the current version of Java. The recommended operating systems for use on Campus are Apple OSX 10.7x and 10.8x. While Apple OSX 10.6x is still supported by Apple, vendors are no longer testing against it for compatibility. Apple operating systems will not run any version lower than Java 1.7.0_51.

UAB IT also recommends using two different browsers — one for surfing the Web and one just for accessing UAB systems. For Internet Web browsing, use one of the following: Firefox Safari, or Chrome, with Java disabled (for information on disabling Java click here). For working with just UAB systems, choose a different browser and enable Java to work in it. If you run into compatibility issues with the local browser and UAB IT systems, use the IT terminal servers to access UAB resources via RDP client (for information on using IT terminal servers on Mac click here).

For more information, contact AskIT (www.uab.edu/askit).

UAB IT has announced a new enterprise licensing agreement with Adobe that covers Adobe Creative Cloud and Acrobat Pro effective June 2014.  This agreement makes the Creative Cloud products available to University faculty and staff which had not been included in previous UAB agreements with Adobe.  Creative Cloud includes products such as Photoshop, Illustrator, InDesign, Acrobat, Dreamweaver, and others.  Separate subscriptions for just Acrobat Pro will also be available. Ordering will be through AskIT going forward, not CDWG as in the past.  The agreement also includes improved home-use rights for faculty/staff.  Students will continue to be able to purchase Adobe products under the Student Agreement UAB already has in place.  For more information on pricing and ordering see the Adobe page here.
UAB IT announced Friday that Windows XP systems (that do not have an approved exeception in place) will have all internet access suspended.  The UAB IT Oversight Committee approved this plan in late April.  See detail about the announcement below and effective dates.


May 2, 2014

Office of the Chief Information Security Officer

Subject:

Suspension of Internet Access for XP Computers/System

To:

All UAB Faculty and Management

What is Happening:

Effective April 8th, Microsoft stopped support for the Windows XP operating system and associated software.  Non-support represents a significant vulnerability to UAB and, as a result, the IT Oversight Committee has directed that action be taken to mitigate this vulnerability.



Actions:

Mitigation actions include the following steps:

1.    XP system owners will be notified via an email that their Internet access will be suspended. Notices will start being sent on Monday May 5th.

2.    7 calendar days after notification, Internet access will be suspended via our IPS/IDS system.

3.    After May 31st, all XP systems will be disconnected from the UAB campus network.

4.    If an XP system requires campus network and Internet access, an Exception Request must be submitted to the Information Security Office, be adjudicated by the Enterprise Information Security Council, and the system access restored if approved.



Contact: For questions call the Enterprise Information Security staff at (205) 975-0842 or email datasecurity@uab.edu
Physician Tax Fraud Scheme

Alabama has now been added to a growing list of states with a doctor targeted tax fraud outbreak.  Hundreds of physicians in Arizona, Connecticut, Indiana, South Dakota, New Hampshire, Michigan, North Carolina, Vermont and Alabama have been impacted.

A bulletin from the North Carolina Medical Society recently said, “The majority of those affected first become aware of it when they receive an IRS 5071C letter advising them of possible fraud. Others are receiving a rejection notification when attempting to electronically file their tax return. It indicates it cannot be submitted because a return has already been filed under that Social Security number.”

Earlier week, the UAB IT Information Security Team received information that a half-dozen physicians associated with a local medical group affiliated with the Children’s Hospital of Alabama have also been victimized as a result of this scheme.  We have unconfirmed reports that several UAB physicians may also be impacted.

We are in contact with the local FBI field agent regarding this matter and are asking if you or a physician you know has been affected by this, please contact the UAB Chief Information Security Officer at (205) 975-3117 or by email to jwp3@uab.edu for additional information.
Page 2 of 3