Microsoft released security bulletin MS14-066 “Vulnerability in Schannel Could Allow Remote Code Execution (2992611),” for November’s Patch Tuesday.
MS14-066 is a critical vulnerability in the Microsoft Secure Channel (Schannel) security package that allows specially crafted packets to compromise the machine. This affects all Windows servers and clients. Microsoft indicates that there are no workarounds or mitigations.
Please run the Windows update as soon as possible for all your Windows machines, servers and clients.
What is Schannel?
Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption. Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.
Office 2013 is now available for download by TIMGroup members only.
Compatibility testing of Microsoft Office 2013 is underway.
Microsoft Office Professional Plus 2013
Office Professional Plus 2013 includes Word, PowerPoint, Excel, Outlook, OneNote, Access, Publisher and Lync and will be the version available to UAB under our Microsoft Campus Agreement when released to Campus.
UAB IT is testing Microsoft Office 2013 to determine its compatibility with applications and systems deployed in the UAB environment. Current testing includes Office 2013’s compatibility with the following:
- Adobe Acrobat
- Turning Point
In addition to UAB IT’s testing, we request that your department conduct its own testing of Office 2013 with applications and systems that are unique to your environment. This week we will release Office 2013 to TIMGroup for testing purposes. Please report your application compatibility results to Sterling Griffin (Sterling@uab.edu) once your testing is complete. Also include a list of any applications you use that interact with Office.
Until the testing and evaluation of Office 2013 is complete, UAB IT is not recommending it for mass deployment.
Deployment: (with SkyDrive disabled when using Office 2013)
UAB IT will post on the download site 2 versions of the ISO.
- As delivered from Microsoft.
- With the registry key to disable SkyDrive in a transform file
Office 2013 uses Microsoft’s SkyDrive cloud-based file-hosting service. We recommend disabling SkyDrive at this time. This can be accomplished in two ways: using the Registry Editor or using the Group Policy Editor.
- Disabling SkyDrive by using the Registry Editor
  - Launch the Registry Editor by opening the Run dialog box and entering regedit.
  - When the Registry Editor opens, navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\SignIn.
  - If the SignIn key doesn’t exist, create it by right-clicking on Common → New → Key → SignIn.
  - In the right pane of the SignIn key, create a new DWORD value named SignInOptions.
  - Double-click on SignInOptions and change its value to 3. To restore SkyDrive functionality, simply set the SignInOptions value to 0.
- Disabling SkyDrive by using the Group Policy Editor
  - To use this method, you need to install the Office 2013 Administrative Templates. If you don’t have these templates, download them from the Microsoft Downloads Web site and install them.
  - Once the Administrative Templates are installed, open the Run dialog box and enter gpedit.msc to open the Local Group Policy Editor.
  - Now that you’re in the Local Group Policy Editor, navigate down the tree to User Configuration → Administrative Templates → Microsoft Office 2013 → Miscellaneous.
  - Find the “Block signing into Office” option in the list of settings and double-click it.
  - In the Properties window, click “Enable” and select the option “None Allowed.”
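The Registry Editor steps above can also be scripted. The PowerShell below is an added example, not part of the original UAB IT instructions; the function name Set-OfficeSignInOptions is hypothetical. Because the key lives under HKEY_CURRENT_USER, it has to run in the session of each user it should apply to.

```powershell
# Added example: scripts the manual Registry Editor steps from this page.
# Set-OfficeSignInOptions is a hypothetical helper name, not a Microsoft cmdlet.
function Set-OfficeSignInOptions {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 3 = value the page gives to disable SkyDrive, 0 = value that restores it
        [ValidateSet(0, 3)]
        [int]$Value = 3
    )

    $keyPath = 'HKCU:\Software\Microsoft\Office\15.0\Common\SignIn'
    $name    = 'SignInOptions'

    # Create the SignIn key if it does not exist yet
    if (-not (Test-Path -Path $keyPath)) {
        if ($PSCmdlet.ShouldProcess($keyPath, 'Create registry key')) {
            New-Item -Path $keyPath -Force | Out-Null
        }
    }

    # Remember what was there before ($null when the value is absent)
    $previous = (Get-ItemProperty -Path $keyPath -Name $name -ErrorAction SilentlyContinue).$name

    # Create or overwrite the DWORD value
    if ($PSCmdlet.ShouldProcess("$keyPath\$name", "Set DWORD to $Value")) {
        New-ItemProperty -Path $keyPath -Name $name -PropertyType DWord -Value $Value -Force | Out-Null
    }

    # Read the value back instead of assuming the write succeeded
    $current = (Get-ItemProperty -Path $keyPath -Name $name -ErrorAction SilentlyContinue).$name

    [pscustomobject]@{
        User          = "$env:USERDOMAIN\$env:USERNAME"
        PreviousValue = $previous
        CurrentValue  = $current
        Applied       = ($current -eq $Value)
    }
}

# Disable SkyDrive sign-in for the current user; use -Value 0 to restore it
Set-OfficeSignInOptions -Value 3
```

Running it with -WhatIf reports the current value without changing the registry.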
Windows 8 is not recommended for campus use at this time. However, if you have to support a Windows 8 portable device, it must be encrypted. At this time, BitLocker is available to accomplish this task on all Windows 8 portable devices that have a TPM chip and do not run on an ARM platform (such as a Windows 8 RT tablet). Windows 8 devices that run on an ARM platform or those that do not have TPM chips should not be used.
UAB Policy requires all laptop/portable devices owned by UAB or UAB businesses and all personal laptop/portable devices used for UAB business be encrypted. PGP, UAB’s current encryption tool, does not work on Windows 8 and Symantec has not yet set a support date for Windows 8.
BitLocker is an acceptable alternative to encrypt Windows 8 system drives in some circumstances. In the past, BitLocker has been recommended when PGP was incompatible with Windows 7 or specific BIOS versions. Systems that are currently encrypted with PGP should remain encrypted via PGP. UAB IT is currently researching BitLocker key management solutions and will issue further guidance as available, but in the meantime, BitLocker should be installed using the non-enterprise setup method below.
Non-Enterprise BitLocker Setup
Recommendations for using BitLocker
- Password-protected system BIOS
- TPM chip in the device
- You must take ownership of the TPM chip
- Before updating the BIOS, BitLocker must be suspended
- Escrow the key in some manner
- Professional/enterprise version of Windows
- Use a TPM + PIN authentication method
- System must be formatted NTFS with two volumes
Escrowing the key
With Windows 8, you may escrow the key in one of the following ways:
- Save the recovery key to a USB flash drive: This method saves the recovery key to a USB flash drive. This option cannot be used with removable drives.
- Save the recovery key to a file: This method saves the recovery key to a network drive or other location.
- Print the recovery key: This method prints the recovery key, but it is not recommended.
It will be up to the department to maintain the escrow recovery keys.
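A department can check a device against the recommendations above with a read-only audit. The PowerShell below is an added example, not part of the original guidance; the function name Test-BitLockerRecommendations is hypothetical, and it uses the BitLocker and TPM cmdlets that ship with Windows 8 (run from an elevated prompt). It cannot see the BIOS password or whether the recovery key was actually saved somewhere.

```powershell
# Added example: read-only audit of the BitLocker recommendations on this page.
# Test-BitLockerRecommendations is a hypothetical name. Run elevated.
function Test-BitLockerRecommendations {
    param(
        # Volume to audit; defaults to the system drive, e.g. "C:"
        [string]$MountPoint = $env:SystemDrive
    )

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $fs  = (Get-Volume -DriveLetter $MountPoint.TrimEnd(':')).FileSystem

    # Names of the key protectors on the volume, e.g. TpmPin, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $checks = [ordered]@{
        'TPM chip present'                    = [bool]$tpm.TpmPresent
        # TpmReady stands in for "ownership taken": the TPM is provisioned for use
        'TPM ready for use'                   = [bool]$tpm.TpmReady
        'Volume formatted NTFS'               = ($fs -eq 'NTFS')
        'Volume fully encrypted'              = ($vol.VolumeStatus.ToString() -eq 'FullyEncrypted')
        # Off on an encrypted volume means BitLocker is suspended (e.g. for a BIOS update)
        'Protection on (not suspended)'       = ($vol.ProtectionStatus.ToString() -eq 'On')
        'TPM + PIN protector configured'      = ($types -contains 'TpmPin')
        # Presence only; where the key was escrowed is not recorded on the device
        'Recovery password protector present' = ($types -contains 'RecoveryPassword')
    }

    foreach ($check in $checks.GetEnumerator()) {
        [pscustomobject]@{ Check = $check.Key; Pass = $check.Value }
    }
}

Test-BitLockerRecommendations | Format-Table -AutoSize
```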
Based on the availability of new operating system versions and browser versions, UAB IT has updated its recommendations for both Windows and Mac versions/systems. In addition, with the release of Windows 8, PGP (UAB’s encryption tool for portable/laptop devices) is not currently supported. UAB IT is recommending Microsoft’s BitLocker product for encrypting Windows 8 devices.
Microsoft Dreamspark Premium is now available to all UAB STEM programs at no cost. The Dreamspark program supports technical education by providing access to Microsoft software for learning, teaching and research purposes for faculty & students engaged in a STEM program (science, technology, engineering, math). UAB will be working to make a limited selection of products available to non-STEM programs, but current access to the Dreamspark products is for STEM programs only. For more guidelines on the appropriate rights for installation and use of products under the Dreamspark program click here.
According to Microsoft "DreamSpark is simple: it's all about giving students Microsoft professional-level developer and designer tools at no cost so that students can chase their dreams and create the next big breakthrough in technology - or just get a head start on their career." While most of the software is free, some items are at a small cost and if ordered you must provide a valid form of payment. However, those fee-based products should not be required as part of any course at UAB.
DreamSpark helps educators teach the latest technologies and experiment in research. To make learning more motivating, relevant, and engaging for today's students requires a diverse set of resources. DreamSpark gives educators the resources to ensure their classrooms always have the latest technologies to challenge, motivate, and keep students engaged in new ways.
Access to the Dreamspark program is through an external web portal managed by UAB IT. Log in using your BlazerID and strong password (don't worry, the authentication takes place using a secure connection back to UAB; your password is never provided to the external website).
NOTE: While anyone with a valid BlazerID can login to the Dreamspark site, only those students and faculty engaged in a STEM program are currently authorized to order/download any software. Your ability to participate in the program is based on the information UAB passes to Dreamspark during the login process.
Step 1: Get Started Here >>> Order Now - DREAMSPARK Website (see instructions below...login using Single-Sign-on option)
Step 2: Click Sign-in (top right)
Step 3: Sign In using your BlazerID via Single Sign-On (box on the left)
The Campus agreement with Microsoft covers a certain set of software on a campus-wide basis... software such as MS Office that is used by almost everyone on campus. The Campus agreement is an annual term 'site license' based on the number of faculty/staff/students covered. The Campus agreement requires renewal and payment annually to remain in effect.
The Select agreement with MS is basically a volume discount arrangement for software products not included in the Campus agreement. These products are not widely installed, but more limited to use in certain departments or on specific systems such as servers. UAB projects an annual purchase volume (by category, not by software title) and MS provides discounts based on that projection. Should UAB not meet the annual projections, future pricing would be based on the actual level of purchases from the prior year, usually at a reduced level of discount. Most product purchased under the Select agreement is granted as a perpetual license with a single upfront payment. No annual renewal fee is required to continue to use the software, but maintenance/support is available as an option.
See the Microsoft Agreement link for more information on what is available under the Campus and Select agreements.
In the case of MS Office and a few other MS products under the UAB Campus Agreement, yes, but with some limitations and not using the same media/download as you used for your UAB owned system. See the related links below for more information. Keep in mind not all software allows home use rights and each license should be verified before loading any software.