Informatics InfoSec Bulletin The SSW Informatics department will start putting together a weekly InfoSec Bulletin to keep faculty and staff alert of current vulnerabilities that may affect their home computers and other devices. We will continue to provide quality protection for your work machines. Vulnerability in Google Chrome MS-ISAC has issued an advisory alert for the Google Chrome browser. This alert concerns vulnerabilities in Google Chrome versions prior to 61.0.3163.79 that could allow for arbitrary code execution. This means that a hacker could potentially run a malicious program on your computer without your consent. Thankfully there is a patch from Google that is very easy to apply. To check for an update and see the current browser version on your computer:
On your computer, open Chrome.
At the top right, click ‘More’ (it is the icon that looks like 3 vertical dots; think colon (:) with an extra dot in the middle).
Click ‘Help’ and then ‘About Google Chrome’.
A new tab will open and if an update is available, Chrome will start to automatically download it.
The current version number is the series of numbers beneath the "Google Chrome" heading. Chrome will check for updates when you're on this page.
Click Relaunch to apply any available update.
At the time of this post, the most up-to-date version of Google Chrome is 61.0.3163.91. More detailed information can be found here (www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution-21/). Key logger in HP computers We have been getting reports from some users that Symantec is quarantining ‘MicTray.exe’ and ‘MicTray64.exe’. This certain piece of software is a bit of an oddity. It was built by a legitimate software company that makes sound cards for laptops and desktops. This issue with this particular file is that it was designed to log a user’s keystrokes and store them in an unsecure place on their computer. Obviously this is a major issue in regards to computer security, but is only reported to be affecting certain HP computers (no other brand; Dell, Acer, Asus, etc. are all reported as being fine). Thankfully there is patch for this. HP has a link (support.hp.com/us-en/document/c05519670) where people can go and download the patch. Unfortunately there isn’t a ‘one-size-fits-all’ patch, so affected users will need to search for their computer model and download/install the corresponding patch. If you don’t know, or are unsure of what model HP you have, click here (support.hp.com/us-en/document/bph07555) for an overview on how to locate your specific model. Reminder The Informatics department is on top of ensuring your work computers remain as secure as possible, and the alerts above are being taken care of. This bulletin is to let you know that these vulnerabilities and vulnerabilities may be present on your personal home computers, and how to resolve them.