Security Bulletin June 2012

In light of the regularity of malware incidents, we have another security bulletin about Java and Windows Update.

Our security team have now seen machines on campus and on the readingConnect network running Java version 1.6.0_31 being compromised via a “Scalaxy” exploit kit. It’s only a matter of time before the exploit appears in other, more prevalent kits.

Java needs to be 1.6.0_33 or 1.7.0_5 (released on Patch Tuesday, 12 June) to be safe. IT Services' automated script will now also upgrade Java 1.7.0_x if required; should you need this, please contact IT Services.
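To check a set of machines against the versions above, the following added example (not IT Services' own script) parses the banner printed by `java -version` and compares the update number with the minimum for its Java family. The machine labels and sample banners are constructed for illustration.

```python
import re

# Minimum safe update level per Java family, taken from this bulletin.
MIN_SAFE_UPDATE = {(1, 6, 0): 33, (1, 7, 0): 5}

# Matches e.g. version "1.6.0_31", "1.7.0_05-ea" or "1.7.0" (no update suffix).
_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return ((major, minor, micro), update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # "1.7.0" means update 0
    return family, update


def classify(banner):
    """Classify one banner as ok / needs-update / unknown-family / unparsed."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    minimum = MIN_SAFE_UPDATE.get(family)
    if minimum is None:
        # The bulletin gives no safe level for this family; flag for manual review.
        return "unknown-family"
    return "ok" if update >= minimum else "needs-update"


def audit(samples):
    """Map each machine label to its classification."""
    return {host: classify(banner) for host, banner in samples.items()}


# Constructed sample banners (hypothetical machine labels, not real hosts).
SAMPLES = {
    "pc-a": 'java version "1.6.0_31"\nJava(TM) SE Runtime Environment (build 1.6.0_31-b05)',
    "pc-b": 'java version "1.6.0_33"',
    "pc-c": 'java version "1.7.0_04"',
    "pc-d": 'java version "1.7.0_05"',
    "pc-e": 'java version "1.5.0_22"',
    "pc-f": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(host, status)
```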

This month’s Patch Tuesday Microsoft updates included a fix for a Remote Desktop (RDP) vulnerability that could again potentially be used by a worm. Anyone with RDP enabled on their PC or Terminal Server needs to patch as soon as possible.

There were also fixes for Internet Explorer vulnerabilities that are being actively exploited. We have seen one attempt to exploit another IE vulnerability that has not been patched yet, but for which exploit code has been published.

 

Scam emails warning

There has been an attempt today, 25 January, to trap people into giving out their login details for University of Reading IT systems. Should you receive an email with the subject line ‘Attention: Staff/Students’ simply delete it.

Do not open it. Do not click on any links in it.