Information Technology Group

Critical Zero-day bug in Adobe Flash

An Adobe security advisory issued on Monday April 11, 2011 states that attackers are actively exploiting an unpatched vulnerability in the Flash Player by embedding the attack code within a Microsoft Word document sent as an attachment. The vulnerability could cause a crash and potentially allow the attacker to take control of the affected computer.  According to an analysis on the Microsoft site, the attachments have been named "Fukushima.doc" or "evaluation about Fukushima Nuclear Accident.zip".  As always, you should use caution when opening files received as email attachment even when the emails appear to come from people you know.  If you are interested, you can read more about this critical vulnerability on the Adobe site or the Microsoft site (links below).

http://www.adobe.com/support/security/advisories/apsa11-02.html

http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx

Adobe Phishing Scam

There have been recent reports of emails being sent out that claim to offer newer versions of Adobe Acrobat or Adobe Reader and claim to be sent by Adobe. These emails have not been sent by Adobe and users should delete the emails without clicking on any of the links. More details about these emails can be seen on the CNET website as well as the Adobe site itself.  In addition, more information about phishing scams in general are available on the UT website  (links below).

http://news.cnet.com/8301-1009_3-20049199-83.html?tag=mncol;title

http://blogs.adobe.com/psirt/2010/11/alert-adobe-acrobatreader-upgrade-email-spamphishing-scam.html

http://www.utexas.edu/its/secure/articles/dont_get_hooked.php

 

VPN Update Alert

Many VPN users received a notice that an upgrade would be required.

Most users can ignore this message.  iPhone users may need to refresh the settings.  If you have any questions, submit a ticket and we can help you.

Below is a sample of the email.

*****************************************************************

From: ITS Helpdesk
Sent: Tuesday, March 22, 2011 2:48 PM
To: Howe, Joe
Subject: ACTION REQUIRED: VPN Client Update

This message is to alert you that ITS has posted a new Cisco Systems VPN Client on BevoWare for all operating systems.  The certificate for the current VPN client from BevoWare will soon expire and prevent users from logging on.  Users of the Cisco AnyConnect VPN Client are not affected.

If you fall into one of the following categories, you must update your client:

  • You use the desktop client from BevoWare and you downloaded it prior to March 21, 2011
  • You set up an iPhone VPN profile using the iPhone configuration page

 Please do one of the following as soon as possible:

You must have administrative privileges on your computer to install any VPN client. Please contact your desktop support staff if you need assistance.

Effective April 25th, 2011, the vulnerable VPN client will no longer be able to connect to the VPN service.

Please contact your desktop support staff or the ITS Help Desk at 512-475-9400 if you have any questions about this message.

--

Information Technology Services

 

Cisco AnyConnect VPN Upgrade

Cisco AnyConnect VPN Upgrade

The next time you run Cisco AnyConnect VPN, you will receive a message that the application needs to be upgraded.  The upgrade process will start automatically.  A new window will popup with the following message:

"The installer is setting up the AnyConnect application.  This could take a momnt.  Please wait..."

The upgrade process will take a few minutes.  Once completed, you will automatically be connected to VPN.  Please let us know if you encounter any problems. 

Happy Computing!

ITG Service Desk

service.desk@engr.utexas.edu

512-232-2486

ECJ 1.226

301 Dean Keeton

Austin, Texas 78712

Hours: Mon-Fri 8 a.m.-noon; 1-5 p.m.

Enabling Student Accounts

Students need to enable their EIDs to access Engineering labs and 4GB of data storage.

Enable your account