Announcements
Critical Java Vulnerability - August 31, 2012
On August 27, 2012 security researchers reported a vulnerability in Oracle Java version 7 (also known as 1.7). Oracle typically releases Java patches every three months, but they made public an update that resolves this vulnerability on August 30, 2012. The vulnerability in Java is actively being exploited, and has been ported to utilities that make it relatively easy to target unpatched computers.
Recommendation: We urge the community to apply the latest security patch released by Oracle as soon as possible. The patch can be downloaded from the Java Downloads Page.
At the above site, please click Agree and Start Download. We recommend that you uncheck the subsequent box offering to install a toolbar along with the patch.
Browsing the web with a vulnerable version of Java could lead to your computer being infected by simply being redirected to an infected web page. This is known as a “drive-by download”, where minimal user interaction is needed to fully compromise your system.
Platforms Affected:
- Windows computers running Java version 7 are vulnerable
- Mac computers running Java on OS X Lion or Mountain Lion are NOT vulnerable
If you are unsure which version of Java you are running, you can find out by pointing your web browser to the Java Tester tool.
If the pink block shows that you have “Java Version: 1.7.0_07 from Oracle Corporate”, then you are no longer at risk. However, if your machine is not properly patched, we strongly encourage you to download and install the latest version of Java.
Please call the Technology Support Center at 312-362-8765 or write to security@depaul.edu if you have any questions.
Conficker.C/Downadup Worm
PROBLEM: Conficker is a worm that puts at risk sensitive enterprise data and confidential personal information.
The Conficker worm was originally discovered in October of 2008. The worm has targeted Windows computers missing a critical security patch (MS08-067). Estimates put the number of compromised computers at as many as 10 million. The latest version of the worm, Conficker.C, is expected to have improved detection avoidance and peer control communication.
RECOMMENDATIONS: Make sure that your machine is properly updated with the latest Windows security patches, particularly MS08-067. You should at least CHECK to see if the patch (MS08-067) has been installed on your computer.
Ensure that your antivirus application is updated with the latest antivirus signatures.
Is your machine already infected?
i. Can you navigate to the Windows Update website? Windows Update
ii. Can you navigate to known information security websites? McAfee, Symantec, F-Secure
If NOT, your machine might be infected. Conficker will prohibit your machine from navigating to the sites above and prevent you from downloading tools for its removal. Please try running the removal tool below.
REMOVAL TOOL: McAfee Stinger for Conficker
REFERENCES: US-CERT, Microsoft TechNet
Adobe Reader/Acrobat
PROBLEM: Adobe Reader and Adobe Acrobat have a critical security vulnerability affecting all versions prior to version 9. Exploits in the form of malicious PDF files targeting the vulnerability have been observed.
SOLUTION: Adobe Systems Incorporated has made available patched versions of Adobe Reader and Acrobat. Users are encouraged to download and install the new version of Adobe Reader/Acrobat as soon as possible. The download links for Adobe can be found HERE.
REFERENCES: Adobe Security Bulletin, Adobe Security Update, US-CERT
Last Revised: April 1st, 2009