Apply
Mission Statement
The Information Security Office is committed to lowering the risk profile of the University’s electronic information by implementing industry best practices to protect the confidentiality, integrity, and availability of student, faculty, and staff information. We uphold the University’s compliance obligations by developing information security policies, providing security awareness training, and overseeing the implementation of strategic information security initiatives.
Cyber Security Alerts
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)
On September 23, 2019, Microsoft identified and released a new remote code execution
vulnerability that affects how Internet Explorer’s scripting engine handles objects
allowing an attacker to gain same user rights as the current user. If the current
user has administrative user rights, the attacker could take control of an affected
system and gain full user rights.
Internet Explorer on the following operating systems are affected by this vulnerability: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.
Internet Explorer on the following operating systems are affected by this vulnerability: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.
Mitigation:
- Ensure Internet Explorer is running in restricted mode to reduce likelihood of downloading and running specially crafted web content. This is enabled by default.
- IE9, IE10, IE11 and newer are not impacted by this vulnerability.
Workarounds:
- Restrict access to Jscript.dll
- For 32-bit, enter these commands at an administrative command prompt:
- takeown /f %windir%\system32\jscript.dll
- cacls %windir%\system32\jscript.dll /E /P everyone:N
- For 64-bit, enter these commands at an administrative command prompt in addition to the 32-bit commands:
- takeown /f %windir%\syswow64\jscript.dll
- cacls %windir%\syswow64\jscript.dll /E /P everyone:N
- For 32-bit, enter these commands at an administrative command prompt:
- Reversing the workaround
- For 32-bit, enter this command at an administrative command prompt:
- cacls %windir%\system32\jscript.dll /E /R everyone
- For 64-bit, enter this command at an administrative command prompt in addition to the 32-bit command:
- cacls %windir%\syswow64\jscript.dll /E /R everyone
- For 32-bit, enter this command at an administrative command prompt:
For more information visit:
Cyber Security News
Reminder: Malware Can Exploit Improper Configurations
Friday - November 15, 2019
NCSC-NZ Releases Annual Cyber Threat Report
Thursday - November 14, 2019
VMware Releases Security Updates
Tuesday - November 12, 2019
Adobe Releases Security Updates
Tuesday - November 12, 2019
Intel Releases Security Updates
Tuesday - November 12, 2019
Cyber Security Video of the Month
▼
November - Targeted Attacks
SANS Security Awareness
2019 EndUser Mod106 TargetedAttacks ESS HostLed MKTG 60sec
SANS Security Awareness
Published on Oct 29, 2019
This video is part of the SANS Security Awareness training.