Office of Information Security

OIS News and Alerts

July 23, 2021

Public vs. private: WFH

Our public vs. private series was rudely interrupted the past few weeks by news about multiple vulnerabilities in Windows Print Spooler (as of this writing, the safest mitigation is still to keep Print Spooler disabled until Microsoft releases a patch). But we’re back on track this week with some public vs. private guidance for working…

July 9, 2021

PrintNightmare: What to do at home

printer on fire

Also see: Recommendations for UW students, faculty, and staff On July 7, Microsoft released an emergency patch for a vulnerability, dubbed “PrintNightmare,” in its Print Spooler service. It’s a serious vulnerability for several reasons, among them: It allows attackers to access your computer over the Internet (via remote code execution or RCE) to steal data…

July 2, 2021

Print Spooler vulnerability “PrintNightmare”

printer

Also see: PrintNightmare: What to do at home Latest update August update Key points How do I know if I’m vulnerable? What can I do about it? Recommendations for UW students, faculty, and staff References This post pertains to CVE-2021-34527, Windows Print Spooler Remote Code Execution Vulnerability. The code that contains the vulnerability is present…

June 25, 2021

File sharing permissions

When you collaborate and share information using UW-provided productivity platforms such as Office 365 or Google Drive, it’s important to ensure that you’re sharing only with people who should have access to files and folders on your individual and team drives. For each file or folder that you create, consider whether you would like the…

June 18, 2021

Series: Public vs. Private

lock

This summer we will be writing weekly posts with a “public vs. private” theme. The first post in the series pointed to our Managing Secrets Risk Advisory. An important concept in data security and privacy is encryption. Encryption is the process of encoding data and/or communications so that only authorized parties can access them, keeping…

June 4, 2021

Out of office messages

desk

Are your out of office (OOO) messages giving away too much information? Keep in mind that cyber criminals and other adversaries may use OOO messages for social engineering or spear phishing attacks. Read the linked article from Security Intelligence for more information, and if you’re going on a trip, check out our Tips for Traveling…