| Home | Update | Hacking | Protection | Contact | Alerts |

Welcome to the OIT Security Website

FAKE E-MAIL ALERT

University Officials will never ask you to send your password in an e-mail message.  If you receive such a message, DELETE IT.  If you respond to such a message, CHANGE YOUR PASSWORD immediately.

 

______________________________

The security group within the Office of Information Technology is responsible for the coordination of a variety of IT Security related activities.  These include:

·         Incident Management and Response

·         Compliance Coordination

·         Vulnerability and Threat Assessment

·         Awareness and AUP Enforcement

·         Security Policy Development

 

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

 

Conficker Virus Update

Updated April 9, 2009

 

We have seen a small number of systems infected with the Conficker virus over the past week.  Nearly all of them have been privately owned systems on the wireless network.  If you are concerned that a system might be infected, you can use the Conficker Eyechart as a guide.  The eye chart takes advantage of the fact that Conficker blocks access to a number of popular internet domains.

 

Microsoft Announces Emergency Update for Internet Explorer

Updated December 18, 2008

 

Microsoft has issued an out-of-cycle update to address vulnerabilities that exist in all commonly used versions of Internet Explorer including the beta-2 release of IE8.  These browser vulnerabilities are being actively exploited via compromised websites.  For more information, please see:

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

 

Microsoft Announces Emergency Update
updated October 23, 2008

Microsoft has issued a security update outside of the usual monthly schedule due to the risks associated with the issue.  The update addresses a vulnerability that has the potential to be exploited by worm-like programs on unpatched systems.  For more information,  please see:

http://www.microsoft.com/protect/computer/updates/bulletins/200810_oob.mspx

 

 

Microsoft Announces October Vulnerability List
updated October 15, 2008

Microsoft has released their security updates for October 2008.  This month’s list includes:

CRITICAL:

·         MS08-060 Vulnerability in Active Directory Could Allow Remote Execution (957280)

·         MS08-058 Cumulative Security Update for Internet Explorer (956390)

·         MS08-059 Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

·         MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

IMPORTANT:

·         MS08-066 Vulnerabilities in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)

·         MS08-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)

·         MS08-062 Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)

·         MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095)

·         MS08-064 Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)

·         MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

For more information, please see:

http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx

 

 

 

 

 

 

Version 1.5 of USM Guidelines In Response to the State IT Security Policy has been released.

 

If you wish to report a crime or feel that you are in danger,
please contact the University of Maryland Police Department

 

This page is maintained by the Office of Information Technology
Questions and/or comments: oitsec-feedback@umd.edu
Last modified: December 18, 2008
© 2008 University of Maryland

University of Maryland