Cyber Security Awareness Month

Information Security

Mission Statement

The Information Security Office is committed to lowering the risk profile of the University’s electronic information by implementing industry best practices to protect the confidentiality, integrity, and availability of student, faculty, and staff information. We uphold the University’s compliance obligations by developing information security policies, providing security awareness training, and overseeing the implementation of strategic information security initiatives.

Cyber Security Alerts

Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)

On September 23, 2019, Microsoft identified and released a new remote code execution vulnerability that affects how Internet Explorer’s scripting engine handles objects allowing an attacker to gain same user rights as the current user. If the current user has administrative user rights, the attacker could take control of an affected system and gain full user rights.

Internet Explorer on the following operating systems are affected by this vulnerability: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.

Mitigation:

  • Ensure Internet Explorer is running in restricted mode to reduce likelihood of downloading and running specially crafted web content. This is enabled by default.
  • IE9, IE10, IE11 and newer are not impacted by this vulnerability.

Workarounds:

  1. Restrict access to Jscript.dll
    1. For 32-bit, enter these commands at an administrative command prompt:
      • takeown /f %windir%\system32\jscript.dll
      • cacls %windir%\system32\jscript.dll /E /P everyone:N
    2. For 64-bit, enter these commands at an administrative command prompt in addition to the 32-bit commands:
      • takeown /f %windir%\syswow64\jscript.dll
      • cacls %windir%\syswow64\jscript.dll /E /P everyone:N
  2. Reversing the workaround
    1. For 32-bit, enter this command at an administrative command prompt:
      • cacls %windir%\system32\jscript.dll /E /R everyone
    2. For 64-bit, enter this command at an administrative command prompt in addition to the 32-bit command:
      • cacls %windir%\syswow64\jscript.dll /E /R everyone

For more information visit:

Cyber Security News
VMware Releases Security Updates
Tuesday - November 12, 2019
Adobe Releases Security Updates
Tuesday - November 12, 2019
Intel Releases Security Updates
Tuesday - November 12, 2019

Cyber Security Video of the Month

 

▼   November - Targeted Attacks

2019 EndUser Mod106 TargetedAttacks ESS HostLed MKTG 60sec

SANS Security Awareness

Published on Oct 29, 2019
This video is part of the SANS Security Awareness training.