Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability was discovered by Google’s Threat Analysis Group and has been actively used in targeted attacks.

UAB IT recommends all Windows desktops be updated, as the vulnerability is being actively exploited. These updates will be applied to UAB IT Desktop customer systems during the upcoming maintenance window this weekend.

More information on the vulnerability and the released update is available here.

UAB IT has debuted a cloud storage service for campus faculty and staff. OneDrive

Each UAB faculty and staff member can now sign up for a Microsoft OneDrive account, which provides 1TB of cloud storage and allow file sharing. Individual file size limits are 2GB. Microsoft plans to add unlimited storage and increase file size limits to 10GB in early 2016.

Faculty and staff can also use the Microsoft Office programs including Word, Excel and PowerPoint in the cloud, as well as download those programs to their computers. The Office products are primarily made available for installation on the user’s personal/home system, and faculty/staff should consult with their department or school's IT support before installing any Office 365 products on their UAB system. Office products for installation on UAB systems should be downloaded from UAB IT’s software library.

Photos, videos, spreadsheets and other work documents can be stored in OneDrive accounts, and users can also create, edit and share Microsoft documents within their accounts. Users can access files on any device, including PCs, Macs, tablets and mobile phones.

UAB does not permit storage of sensitive data in the cloud. For guidance, refer to:

Microsoft Office 2016 for PCs will be available for download for faculty and staff in early October.

Office 2016 will be available for download from the UAB IT software site, after Microsoft releases it to volume licensing customers.

Office 2016 has new versions of applications including Word, PowerPoint, Excel and Outlook. The Office 2016 apps are designed for collaboration, with new features that remove barriers for team success and allow co-authoring and Skype in-app integration.

Quick Start Guides for Office 2016 are available here.

Office 2016 is already available for Mac users and is available for UAB students through Office 365.

Microsoft on Monday released a critical patch outside of its normal patching cycle. 

The update fixes a vulnerability in Windows that could allow an attacker to execute code on a system if they can convince the user to open a specially crafted document, or have them visit an untrusted webpage that contains embedded OpenType fonts. 

The update, which requires a system reboot, was released to all UAB IT Desktop-supported machines at 4 p.m. Monday. Users have 72 hours to let the patch install and reboot the system. Users should get a notification bubble pop up at the system tray. After 72 hours, if a user has not allowed the patch to install, it will install automatically and the system will be forced to reboot.

UAB IT urges users to find an opportune time to let the patch install and allow the reboot occur to help protect UAB systems and information.
Microsoft has released a security package to correct a critical vulnerability in Windows, and UAB IT is urging campus technical professionals and users to apply the patch immediately.

Microsoft released security bulletin MS14-066 “Vulnerability in Schannel Could Allow Remote Code Execution (2992611),” for November’s Patch Tuesday.

MS14-066 is a critical vulnerability in the Microsoft Secure Channel (Schannel) security package that allows specially crafted packets to compromise the machine. This affects all Windows servers and clients. Microsoft indicates that there are no workarounds or mitigations.

Please run the Windows update as soon as possible for all your Windows machines, servers and clients.

What is Schannel?

Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption. Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.


For more information:

https://technet.microsoft.com/library/security/MS14-066

https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941

https://isc.sans.edu/forums/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066+/18947

http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/

Based on the availability of new operating system versions and browser versions, UAB IT has updated its recommendations for both Windows and Mac versions/systems. In addition, with the release of Windows 8, PGP (UAB’s encryption tool for portable/laptop devices) is not currently supported. UAB IT is recommending Microsoft’s BitLocker product for encrypting Windows 8 devices.

For details see:

Microsoft Recommended Systems/Versions

Apple/Mac Recommended Systems/Versions

Microsoft Windows 8 and BitLocker Encryption