Information Security


Current Alerts

Critical Intel Firmware Updates

Intel has posted details of a critical firmware update which affects a large proportion of systems produced by all major PC vendors. The update includes fixes for multiple critical vulnerabilities, including one which is remotely exploitable over the network. A detection tool is available for both Microsoft Windows and Linux systems and can be downloaded directly from Intel. It is available as both a GUI application and a scriptable command line tool. PC vendors are currently in the process of producing firmware updates for their products, which are anticipated to be released in the... Continue reading

Posted in

WPA2 key reinstallation attacks (KRACKs)

Security researchers have disclosed a vulnerability in the handshake mechanism unpinning the WPA2 (Wi-Fi Protected Access) protocol. The class of attack has been named 'key reinstallation attacks' (KRACKs) The vulnerability potentially allows an attacker to attack to decrypt packets sent by clients. Mitigation of the vulnerability will require patching software on clients (i.e. on laptops, phones, tablets). Linux systems notably Android are known to be vulnerable. The vulnerability does not allow the shared secure (password) to be compromised and equally although access point vendors... Continue reading

Posted in

End of Life for Microsoft Office 2007

This is a reminder that the end of life date for Office 2007 is October 10, 2017. When Office 2007 reaches its End of Life, Microsoft will no longer provide: Technical support for issues Bug fixes for issues that are discovered Security fixes for vulnerabilities that are discovered In addition, as of October 31, 2017, Outlook 2007 will be unable to connect to Office 365 mailboxes, which means Outlook 2007 clients using Office 365 will not be able to receive and send mail. For more information, see RPC over HTTP deprecated in Office 365 on October 31, 2017.... Continue reading

Posted in

End of mainstream support on Office for Mac 2011

On October 10, 2017, mainstream support will end on Office for Mac 2011. There will be no new security updates, non-security updates, free or paid assisted support options or online technical content updates after this date. Additionally, Office for Mac 2011 will no longer be an option for download through the Office 365 portal. Further information can be found on the Microsoft blog at:

Posted in

LDAP Amplification Denial of Service Attacks

OxCERT have been notified that a number of hosts within the University network have LDAP servers lisenting for requests on UDP port 389. Such hosts can be used in denial of service attacks against other hosts both internally and on the wider internet. Please see OxCERT Bulletin OSB2017-10 for more details.

Posted in
Subscribe to Current alerts listing