Security, Workstations

Critical Windows Updates TODAY

Scheduled Change: Today, August 15th 5:00 PM
Services Impacted: All Windows desktops and laptops

Google Project Zero has disclosed a critical vulnerability in Microsoft’s Text Services Framework that allows an attacker to gain system level access to any computer. The patch for this vulnerability has been released to campus already, with the deadline for applying it set to next Thursday.

Since Google has now released a proof of concept attack based on this vulnerability it is highly likely that malicious versions will be created and deployed as malware in the next few days.

With this in mind, we have pushed up the deadline for applying this month’s security patches to today at 5pm. This means that the patches will begin applying after 5pm and computers will automatically reboot to apply the patches no later than 5pm tomorrow.

Please leave your computer on when you leave work today so the patches can be applied. If you turn your computer off for the weekend, the patches will apply first thing Monday morning and your computer will reboot once the patches are installed.

Campus technicians who have special exceptions to not have enforced updates should install these updates from software center manually as soon as possible. If you have a Windows computer at home, you should also be sure to check for and apply any updates from Microsoft.

LinkedIn Learning

Lynda.com Migrating to LinkedIn Learning

Update 8/15/2019

Vendor technicians identified an issue today that would interfere with migration of user history from Lynda to LinkedIn Learning. We have placed the migration on hold until that issue can be resolved.

At the moment, Lynda is functioning normally but LinkedIn Learning is inaccessible for most users. I am working with the vendor to determine next steps.

From Distributed Learning Technologies:

Lynda.com is being phased out and migrating all content over to LinkedIn Learning.

The vendor will email all users with an active Lynda.com account to notify them about the change. This will describe the change and inform users that they have several options during the migration. Users will have the option to migrate their Lynda.com training history over to LinkedIn Learning. Users will have the option to link their LinkedIn Learning account to a public LinkedIn Profile; if they do so, they will have the additional option to choose which learning activity (if any) is shown on that profile.

We anticipate that all current Lynda.com content will be available in LinkedIn Learning. After the migration, links to Lynda.com content will automatically redirect to corresponding LinkedIn Learning content. DLT will coordinate a separate effort to update those links before the redirects eventually stop working (currently expected around Q2 2020).

Adobe, Software

Adobe Creative Cloud

CSU, Chico has moved to a site license for Adobe Creative Cloud. It is now available upon request to all employees and students.

There are two types of Adobe Creative Cloud licenses: device-based and person-based. Device-based is intended for lab computers. Person-based is intended for individual users.

Adobe Creative Cloud can be requested in the Service Catalog: https://support.csuchico.edu/TDClient/Requests/TicketRequests/NewForm?ID=1EG5NdovDxI_. Please note in your request whether you need a device-based or person-based license, and whether you’re using a Mac or PC. More information about Adobe Creative Cloud is available at https://support.csuchico.edu/TDClient/KB/ArticleDet?ID=83083.

Once a license has been assigned and software installed you can sign in to Adobe Creative Cloud applications with your CSU, Chico credentials: https://support.csuchico.edu/TDClient/KB/ArticleDet?ID=75685.

Network, Security, Wireless

Wireless Network Update

Scheduled Change: Wednesday, July 24th 9:00 AM
Services Impacted: Campus Wireless

To ensure a secure campus wireless environment, devices that were configured more than a year ago need to be updated with the current network protocol.

We sent direct emails to those that we identified as using the older wireless protocol. If you are unsure if your device is configured correctly, you may re-run the Eduroam setup from your wireless device now by going to https://www.csuchico.edu/eduroam. Click on the “Join Now” button and follow the prompts.

Your wireless access may be interrupted on July 24th if your wireless configuration is not current.

Phishing, Security

Shipping PhishMe Campaign

CSU, Chico was recently targeted by an email scam that imitated a shipping & receiving notice. ITSS emailed faculty and staff to warn them about this scam in March.

We followed up on this scam in May by creating a PhishMe campaign with similar content:

The PhishMe campaign was sent to ~4,000 campus members. Below are the results of this campaign:

As you can see over 14% of employees were found susceptible to phishing. An alarmingly high number of people opened the file attached to this email. You should never open an attachment that you’re not expecting. If you are unsure of the validity of an email you should check with the sender before opening any attachments or links. Opening a malicious attachment can put you, your computer and files, the university, and university systems at risk.

More information about spam and phishing scams is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml.