News

ALERT: Apply Emergency Update to Chrome

06/07/2023

A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Patches to Google Chrome should be applied immediately after appropriate testing.

Help Me Now and UH South Paging Services Offices closed on Memorial Day

05/17/2023

HITS walk-up support will be closed on Monday, May 29.

NOTICE: Beware of Phishing Emails Targeting Students

05/02/2023

Highly customized email scams continue to target students at U-M with offers of jobs, internships, accommodations, and more. 

ITS IA Alert: Apply emergency update to Google Chrome browser–No manual steps needed for CoreImage users

04/26/2023

A zero-day vulnerability has been discovered in the Google Chrome browser that could allow for remote code execution. There are no manual steps any CoreImage user should take for this.

Working offsite? Connect your CoreImage device to VPN by May 15 to maintain network access.

04/26/2023

Flexible work is a great Michigan Medicine perk. But if you're not coming onsite regularly, you may not be getting all of the software and security updates your CoreImage PC needs.

Security, Services & Support

Customers may have issues viewing or accessing M365 web applications (at office.com)

04/20/2023

NOTE: This issue has been resolved. If you experience any problems using M365 tools or services, please submit a ticket via the Help Center.

ITS Information Assurance alert: Update WordPress Elementor Pro plug-in for vulnerability

04/04/2023

A vulnerability in Elementor Pro, a widely used WordPress plugin, is actively being exploited by threat actors. Apply the latest updates to Elementor Pro immediately after appropriate testing.

ALERT: Update Progress Telerik against active exploit

03/22/2023

This message was sent to U-M IT groups on Tuesday, 3/21/23. It is intended for U-M IT staff who are responsible for university web servers that use the Progress Telerik User Interface for the .NET framework that runs on Windows.

New! Find IT and data info on the Research Project Process Map

03/21/2023

The ‘IT and Data’ brown line guides researchers through IT security processes via the Research Project Route Map. 

Education, Research, Security

Doublecheck your data: is it safely stored?

03/17/2023

 

As HITS prepares for a CoreImage system update, we remind users to save all data to the cloud or other secure storage.

Clinical, Education, Research, Security, Services & Support

Trouble in two-factor paradise: Hackers double down on Duo scams

03/17/2023

Duo, U-M’s two-factor authentication service, has become the latest technology targeted by hackers. Earlier this month, leaders in Michigan Medicine’s Information Assurance (MM:IA) team rang the alarm bell.

Daylight Saving Time Begins - Effect on MiChart: Sunday, March 12, 2 a.m.

03/07/2023

Sunday, March 12 marks the beginning of Eastern Daylight-Saving Time (DST) which will result in skipping the hour from 2 a.m. to 3 a.m. Once the time change occurs, this means the MiChart downtime for the upgrade will begin at 3 a.m. 

 

For details on the impacts to MiChart, review the Spring 2023 - Daylight Saving Time (DST) document.

Clinical, Education, Research, Security, Services & Support

New monthly Cornerstone Learning report will enable Michigan Medicine leaders to track their teams' training completions

03/01/2023

Starting March 1, a new Cornerstone Learning report (“Manager Digest”) will be emailed to all Michigan Medicine leaders automatically each month – whenever any of their direct reports has assigned training modules that are overdue.

 

HITS to upgrade/replace telephone equipment in multiple locations

02/28/2023

Between now and fall 2023, Health Information Technology & Services (HITS) will replace approximately 8,750 telephones across 50 different Michigan Medicine locations.

Invoke Microsoft Security Advisory for LDAP Channel Binding and Signing

02/23/2023

LDAP channel binding and LDAP signing provide ways to increase the security for communications between LDAP clients and Active Directory domain controllers.

ITS Information Assurance Advisory: Update to version 2.17.0 Apache Log4j

02/22/2023

A zero-day exploit that was originally communicated through an IA Alert on December 10, 2021 is affecting the Apache Log4j utility that could result in remote code execution. This remains an active threat. 

 

ALERT: Patching Microsoft systems for 3 zero-day exploits

02/20/2023

Three zero-day vulnerabilities in Windows systems could allow attackers to achieve remote code execution or SYSTEM privileges on targeted systems. Windows systems should be patched as soon as possible after needed testing.

ITS IA Notice: OpenSSL

02/14/2023

This message is intended for U-M IT staff who are responsible for updating university systems. OpenSSL discovered eight security flaws, seven of which are memory-related. A timing bug and seven memory vulnerabilities were discovered.

Action required before January 25: Applications using Michigan Medicine SSO (SAML) Identity Provider Service

01/24/2023

The Production IdP Signing certificate for the Michigan Medicine Web SSO (SAML) / Access Manager / Web login authentication service will be replaced on January 25 between 5:00 p.m. to 5:30 p.m. and the SAML metadata will be refreshed with the new signing cert info.

ITS IA Advisory: Upgrade Git to version 2.39.1

01/18/2023

Vulnerabilities were discovered in Git version 2.39 and older that could allow attackers to execute remote code. Users should upgrade to Git version 2.39.1 immediately. 

m365_logo

New year, new M365 features!

01/13/2023

Health Information Technology & Services (HITS) is pleased to announce new features and capabilities within Michigan Medicine’s Microsoft 365 (M365) environment designed to make your work experience even better and more productive!

Clinical, Education, Research, Services & Support

Update: Fax Server/AccuRoute Issues

12/20/2022

Thank you to everyone for their patience and understanding over the last five weeks. The Document Management Services Team also want you to know that they hear you loud and clear and are doing absolutely everything they can to help resolve the issues the organization is experiencing with the fax server/AccuRoute WebApps.

 

Paging website upgrade

12/08/2022

As of December 7, the internal paging website was upgraded to offer improved access and usability.

 

For complete information, see the Paging Website upgrade article (Requires login to view content

Clinical, Education, Research, Security, Services & Support

Academic Engagement holding in-person office hours December 6,7, & 8

11/30/2022

Back by popular demand! The HITS Academic Engagement team is holding in-person/hybrid office hours next week to talk through your IT needs. Join us on the medical campus December 6 & 8 and at NCRC December 7. 

Education, Research

Action required for Identity Access Management Oracle database (IDTP) migration from Gold to Platinum Infrastructure by December 10

11/28/2022

This message is intended for HITS staff whose applications/processes that use Identity Management Oracle database (IDTP). 

Pages