See the update to this advisory. This message is intended for U-M IT staff who are responsible for any systems that utilize curl and libcurl.
Google has released an important update for Android to remediate a zero-day vulnerability (CVE-2023-4863 and CVE-2023-4211) that is being actively exploited in the wild. We expect additional software vendors will also be releasing updates to fix other applications affected by this vulnerability.
Update Android devices as soon as possible.
A vulnerability (CVE-2023-4911) in the GNU C Library (i.e., glibc) on many popular Linux distributions has been discovered. Successful exploit of this vulnerability can give a malicious actor full root privileges. Proof of concept (POC) exploit code is publicly available. Linux systems should be patched as soon as possible.
ALERT: Apply Urgent Update to Google Chrome and Mozilla Firefox Browsers, and other software (CVE-2023-5217)
NOTE: EDEM is in the process of getting the updated version packaged and will be deploying it to all CoreImage devices in the coming days - there is no action CoreImage users need to take. Note that EDEM does not manage Firefox, so if users have it installed they should follow ITS instructions and update manually.
A major incident impacting Level 2 authentication services has been resolved.
This message is intended for U-M IT staff who are responsible for university devices running the Mozilla Firefox web browser or Thunderbird email client. It will also be of interest to individuals who have these programs installed on their own devices.
Be aware of this and share/advise those in your community that this calling activity is a scam.
Google has released an important update to the Google Chrome web browser for a zero-day vulnerability that is being actively exploited in the wild. Update Chrome as soon as possible.
This week, the organization will officially retire its annual Valuation form.
Ray Khamo talks Microsoft, his team's impact on the university, golf, and his family's journey.
Help spread awareness of scam emails that target students
Wolverine Access got a fresh look look and enhanced usability on July 15.
The upgrade to the new MiChart software platform will take place Sunday, July 9, starting at 1 a.m.
Workstation Information was a HITS-developed and maintained tool installed across the Classic-CoreImage fleet. It was removed recently due to lack of compatibility with other HITS systems.
HITS walk-up support will be closed on Tuesday, July 4.
This message is intended for Shibboleth Service Providers (SPs)
The XMLTooling library in OpenSAML and Shibboleth Service Provider software contains a server-side request forgery (SSRF) vulnerability. Update to version 3.2.4 or later of the XMLTooling library to fix the vulnerability.
A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Patches to Google Chrome should be applied immediately after appropriate testing.
HITS walk-up support will be closed on Monday, May 29.
Highly customized email scams continue to target students at U-M with offers of jobs, internships, accommodations, and more.
ITS IA Alert: Apply emergency update to Google Chrome browser–No manual steps needed for CoreImage users
A zero-day vulnerability has been discovered in the Google Chrome browser that could allow for remote code execution. There are no manual steps any CoreImage user should take for this.
Flexible work is a great Michigan Medicine perk. But if you're not coming onsite regularly, you may not be getting all of the software and security updates your CoreImage PC needs.
NOTE: This issue has been resolved. If you experience any problems using M365 tools or services, please submit a ticket via the Help Center.
A vulnerability in Elementor Pro, a widely used WordPress plugin, is actively being exploited by threat actors. Apply the latest updates to Elementor Pro immediately after appropriate testing.