Skip to navigation content (Press Enter).

Software Updates

The Threat

Software is imperfect; very often, operating systems and other applications are released for use with flaws.  These flaws are known as Common Vulnerabilities and Exposures, or CVE for short.  CVE can affect the can be exploited, putting the confidentiality, integrity and/or availability of a system at risk.

The Target

Every system and all software are at some time susceptible to exploitation due to the vulnerabilities and exposures in the code.

The Control

The Mitre Corporation maintains a database of common vulnerabilities and exposures (CVE).  This database is updated as new vulnerabilities and exposures are discovered in existing software.  In response, software manufacturers often release “patches” to repair their software.  Systems without the patches installed are vulnerable to the threat defined within the CVE document.

In the past, maintaining currency of software on servers and systems was a cumbersome task.  Updates and patches had to be tested extensively to ensure that they would not negatively affect another part of the system or application, as was often the case.  Today, the architecture of modern operating systems and the rigour applied to testing patches before they are released have all but eliminated the risk of interference when an update is installed.  There are still occasions that a patch may interfere with other applications, although these are rare.

Be Safe

  • Configure operating systems to automatically install critical updates
  • Configure important applications to automatically install critical updates
  • System administrators should regularly monitor CVE for those that affect their systems

Resources

Microsoft Windows:
http://windows.microsoft.com/en-US/windows/help/windows-update

Red Hat Linux:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html

Apple:
http://support.apple.com/kb/HT1338

Service Bulletins

Citrix Receiver Client Update

UTS asks Citrix users to upgrade Citrix Receiver Client to the most current version by February 28, 2017. See UTS Citrix website for installation and removal information.


Mosaic Upgraded Interface

Service Desk

Client Self Service:
https://servicedesk.mcmaster.ca
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Email: uts@mcmaster.ca
Location: Main Campus BSB Rm. 245
Service Catalogue:
http://www.mcmaster.ca/uts
-->

Great Idea Site

Great Idea