Information Security

Mission Statement

The Information Security Office is committed to lowering the risk profile of the University’s electronic information by implementing industry best practices to protect the confidentiality, integrity, and availability of student, faculty, and staff information. We uphold the University’s compliance obligations by developing information security policies, providing security awareness training, and overseeing the implementation of strategic information security initiatives.

Cyber Security Alerts

Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

On May 15, 2019, Microsoft identified and released a new remote code execution vulnerability that targets Remote Desktop Services. This vulnerability allows an attacker to send specifically crafted requests and initiate RDP sessions without the need to authenticate, thus allowing unauthorized code execution and full access to the targeted system. Microsoft has identified the problem and included the fix in the latest Windows Updates.

The following operating systems are affected by this vulnerability: Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Mitigation:

Disable Remote Desktop Services if they are not required.
Install the May 2019 'Monthly Rollup' or specific security update for your operating system.
Upgrade to the latest version of Windows if you are using an outdated Windows operating system.

Workarounds:

Enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Block TCP port 3389 at the enterprise perimeter firewall.