Skip to Content

UBC IT Bulletins

Printer-friendly PDF version
Syndicate content
Updated: 5 days 15 hours ago

UBC Directory maintenance Jan 12, 2018 07:30 – 08:00 PT

January 11, 2018 - 7:45am

The UBC Directory site (https://directory.ubc.ca) will be undergoing maintenance on January 12th, 2018 from 7:30 to 8:00 PT.

The maintenance will not have an effect on the availability of the application.

Peter A. Allard Hall Law Building Network Upgrade January 22, 2018 21:30 – January 23, 01:30 PT

January 11, 2018 - 7:30am

Network maintenance is being performed on the Peter A. Allard Hall Law building network to facilitate upgrades as part of the Network Switch Replacement Program. During this service window on Monday, January 22, 2018 21:30 – January 23, 01:30 PT, all wired and wireless network services will be sporadic, as the network services are migrated, and the connectivity is verified.

Peter A. Allard Hall Law Building Network Upgrade January 24, 2018 21:30 – January 25, 01:30 PT

January 11, 2018 - 7:15am

Network maintenance is being performed on the Peter A. Allard Hall Law building network to facilitate upgrades as part of the Network Switch Replacement Program. During this service window on Wednesday, January 24, 2018 21:30 – January 25, 01:30 PT, all wired and wireless network services will be sporadic, as the network services are migrated, and the connectivity is verified.

Worskspace macOS Sync Client Update January 10, 2018 06:00 – 06:30 PT

January 10, 2018 - 8:00am

The Workspace Airwatch Content Locker Sync Client for macOS will be updated on the Workspace servers.

After the update, Workspace users can download the new client from the Workspace web portal at files.workspace.ubc.ca

Email Delivery Delays January 1, 2018 – January 9, 2018

January 9, 2018 - 2:11pm

Please be advised that some user may receive delayed email delivery on messages containing Excel file attachments.  Our vendor has acknowledged this as a known issue and are currently working on a fix.  Technicians have implemented a workaround to mitigate the issue

UBC Mailing Lists Maintenance January 09, 2018 21:00 – 21:30 PT

January 9, 2018 - 11:47am

The UBC Mailing Lists service will be undergoing maintenance. The site ‘lists.ubc.ca’ may be inaccessible during this period.

Meltdown and Spectre CPU Vulnerabilities

January 9, 2018 - 11:14am

Risk: High

CVE: CVE-2017-5754, CVE-2018-5753

 

Meltdown and Spectre are two CPU vulnerabilities that have recently been detected in Intel, AMD, ARM and Qualcomm processors. Currently there are no exploits available in the wild; however if successful, attackers can take advantage of three variants of the flaw and steal sensitive data, such as passwords and banking information.  Spectre is affected by two variants, while Meltdown only has one variant of the flaw.

Meltdown mainly affects Intel processors, as well as some ARM processors, allowing hackers to bypass security barriers between applications that is usually managed by hardware.

Spectre on the other hand, allows hackers to trick error-free applications into giving up secret information and affects all aforementioned processor vendors.

 

Impacted Devices:

  • All computer devices, including desktops, laptops, servers, tablets and smartphones (iOS and Android) that run on most Intel, AMD, ARM and Qualcomm processors manufactured in the last decade are affected; some affected processors go back more than 20 years.

 

What UBC IT is doing:

We are continuing to assess the risk of this threat as it evolves. While that analysis is underway, the following activities are being conducted:

  1. An inventory of affected systems is being built
  2. Patch availability is being analyzed, including released dates
  3. Released patches are being tested for production usage to identify any performance impacts
  4. Security vendors are being engaged to identify security controls that can protect against exploits, should they become available

 

Recommendations for Users:

  • Based on current industry information, the only solution to fully resolve the issue will be to replace the hardware; however, at this time no new hardware is available to address the issues; in the interim patches are available to mitigate against future attacks that can exploit the two vulnerabilities.
  • Mitigations likely will include a combination of BIOS/firmware updates for hardware, in addition to operating system and application patches. In the event that BIOS updates become available for these vulnerabilities, it is strongly recommended that non-technical users not attempt upgrading the BIOS themselves, especially if there’s a possibility that the main drive of the computer is encrypted, as this would likely render the computer inoperable.
  • Please update your antivirus software
  • Please update your operating system and download the latest patches.  Below is the status of updates of browsers and operating systems that we have put together regarding the patches.

 

Meltdown & Spectre Operating System Patches:

  • Windows Desktop: Microsoft released patches for Windows 10, 8.1 and 7 SP1 on Jan 3 for systems with compatible Anti-virus; Sophos, Trend Micro and Cisco AMP are compatible – see links below for details
  • Windows Server: Microsoft released patches for Windows 2008 R2, 2012 R2 and 2016 on January 3 for systems with compatible Anti-virus (as above)
  • macOS, iOS, tvOS: Apple released patches in December and January. Patched versions are: macOS 10.13.2 Supplemental Update, iOS 11.2.2 and tvOS 11.2. Apple watch is unaffected
  • Android: Google pushed patches for both vulnerabilities to manufacturers in December 2017. Please check with your hardware manufacturer for when/if an update will be available for your device. Google supported devices that will receive the patch include Nexus 5X, Nexus 6P, Pixel C, Pixel/XL, and Pixel 2/XL.
  • Chrome OS 63: Introduced protections for both vulnerabilities in Dec 2017
  • Red Hat: released multiple updates – see the link at the bottom for patch availability
  • Ubuntu: to be released Jan 9 for 17.10, 16.04 LTS, 14.04 LTS, 12.04 ESM
  • VMware: has various patches for products – see the details in the link below
  • Amazon Web Services: They are patched, but customers must still patch the OS running in Amazon’s virtual machine
  • Azure is patched, customers need to reboot their virtual machines

 

Spectre Browser Patches:

  • Chrome: Partial protection will be introduced on January 23 in Chrome 64
  • Edge & Internet Explorer: Microsoft has already made updates to both browsers and more improvements are expected to be coming
  • Firefox: Mozilla has released partial mitigations on January 4 in 57.0.4 for desktop browsers on Windows macOS and Linux (no iOS or Android updates yet)
  • Safari: Apple has released an updated version of Safari in addition to updates for iOS and macOS

 

 More information

General Information https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/

http://mashable.com/2018/01/04/spectre-meltdown-explained/#TpXewZZ1KmqN

https://www.pcworld.com/article/3245790/mobile/spectre-cpu-faq-phones-tablets-ios-android.html

https://www.theregister.co.uk/2018/01/06/qualcomm_processor_security_vulnerabilities/

  Windows Operating System

  https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

http://www.securityweek.com/microsoft-suspends-cpu-flaw-patches-amd-devices

  Mac and iOS Devices

  https://www.imore.com/meltdown-spectre-faq

https://support.apple.com/en-us/HT208394

https://support.apple.com/en-us/HT208331

  Android Devices https://support.google.com/faqs/answer/7622138#android

https://www.androidcentral.com/meltdown-spectre

  Linux https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://www.suse.com/support/kb/doc/?id=7022512

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

  Virtual Machines https:// www.vmware.com/security/advisories/VMSA-2018-0004.html

  Antivirus Vendors https://community.sophos.com/kb/en-us/128053

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1118996.aspx

https://supportforums.cisco.com/t5/sourcefire-documents/cisco-amp-for-endpoints-compatibility-with-windows-security/ta-p/3306874

  Antivirus Vendors Compatibility Status https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

 

myVPN Client Software Upgrade January 9, 2018 11:00-12:00 PT

January 8, 2018 - 9:50pm

The Cisco Anyconnect VPN client for Windows, MacOS and Linux will be upgraded to version 4.5.02033 on Tuesday Jan 9th between 11:00 and 12:00 PT. The new software will automatically prompt users to upgrade when they next launch their current VPN client and connect to ‘myvpn.ubc.ca’. No reboot is required.

Please note that the new version does not work on Windows XP/Vista and Mac OS 10.9 or earlier. Users with these OS systems are encouraged to upgrade their devices to a newer OS version for better security features and latest myvpn client support. For users not able to upgrade, please open a ticket with ITSC for manual IPSEC setup for myvpn access.

[Update] BCNET Victoria-Seattle Marine cable fiber cut – January 6th, 2018 06:45 PT – Ongoing

January 6, 2018 - 8:55am

From: 06:45 PT Saturday, January 6, 2018
To:   Ongoing

 

Update: Arrival date of fiber repair ship is not known as it is currently repairing another undersea fiber break.  End of January is the current ETR targeted

Reason: BCNET circuit carrier confirmed an undersea fiber cut between Seattle and Victoria. A repair effort is on the way.

Effects: Clients impacted have diverse paths so impact is minimal

 

Contact:    Please contact the BCNET Network Operations
Centre at 604-822-1348 option 3 or noc@bc.net
when network problems are experienced outside of
a maintenance window.

 

Posted By:  BCNET Network Management Centre
604-822-1348 option 3
noc@bc.net

BCNET – Emergency Maintenance – Vancouver, Kamloops and Kelowna Reboot – January 7th, 2018 06:00 – 08:00 PT

January 5, 2018 - 7:51pm

From: 06:00 PT Sunday, January 7, 2018
To: 08:00 PT Sunday, January 7, 2018

 

Reason: BCNET will be performing a router reboot at the following locations:  Vancouver, Kamloops and Kelowna

 

Effects: Network connectivity in Vancouver, Kamloops and Kelowna will be interrupted during this maintenance window. Research network and local peering traffic across BCNET will be impacted as well

 

Contact: Please contact the BCNET Network Operations Centre at 604-822-1348 option 3 or noc@bc.net when network problems are experienced outside of a maintenance window.

Resolved – lists.ubc.ca site outage – Jan 5, 2018 18:26 PT

January 5, 2018 - 6:28pm

The issue with lists.ubc.ca has been resolved.

lists.ubc.ca site outage Jan 5, 2018 17:43 PT

January 5, 2018 - 6:16pm

The lists.ubc.ca site is currently out of service.  Technicians have been contacted and are investigating the issue.

Mail Relay Service Maintenance Jan 05, 2018 17:00 – 18:00 PT

January 5, 2018 - 4:58pm

The UBC Mail Relay service will be undergoing maintenance during this period. No end user impact is expected.

WeBWorK Scheduled Maintenance Jan 5, 2018 10:00-10:15 PT

January 5, 2018 - 10:09am

WeBWorK will be unavailable for scheduled maintenance from 10:00-10:15 PT on Friday January 5, 2018.

Resolved – lists.ubc.ca site outage – Jan 5, 2018 09:45 PT

January 5, 2018 - 10:08am

The issue with lists.ubc.ca has been resolved.

lists.ubc.ca site outage Jan 5, 2018 09:00 PT

January 5, 2018 - 9:14am

The lists.ubc.ca site is currently out of service.  Technicians have been contacted and are investigating the issue.

Shibboleth Consent Form Implementation for UBC IT Software Downloads/Kivuto January 4, 2018 11:00 – 14:00 PT

January 4, 2018 - 8:00am

Beginning Thursday, January 4, 2018, users will now be required to agree to a consent form before downloading software from Software Downloads/Kivuto (hxxps://download.ubc.ca). At the request of University Counsel and Risk Management, a consent form will be enabled as part of the CWL login process before a user is given access to the storefront. Inclusion of the form allows the Kivuto application to be used in Canada and remain within FIPPA guidelines (Section 30.1(a) of FIPPA – hxxp://www.bclaws.ca/Recon/document/ID/freeside/96165_03#section30.1).

The consent form will be enabled on Thursday, January 4, 2018 with a change window that will run from 11:00 to 14:00 PT and there will be no outage of service for Software Downloads/Kivuto or CWL during the implementation.

If you have any questions or concerns, please contact the IT Service Centre at www.it.ubc.ca/helpdesk

Hyperion Maintenance – January 5, 2018 16:00 – 21:00 PT

January 4, 2018 - 7:45am

The Hyperion service will be undergoing maintenance between 16:00 and 21:00 PT on January 5, 2018. During this change window, there will be an approximate 3 hour window in which the service will be inaccessible.

UBC Okanagan FASmail Certificate Warning January 3, 2018

January 3, 2018 - 10:29am

Please be advised that some users may experience a certificate warning when connecting via Outlook.  The warning states “There is a problem with the proxy server’s security certificate.  Outlook is unable to connect to the proxy server rpc.mail.ok.ubc.ca (Error Code 80000000).”  This warning may be dismissed and email functionality is not impacted.  Additionally, users connecting to webmail may have to refresh the page in order to reach the login page.  Technicians are aware of the issue and are currently investigating.

Resolved – Open LDAP Services Unavailable – January 2, 2018 11:48 PT

January 2, 2018 - 11:48am

All Open LDAP services ( SSC, Wireless and VPN services ) are now available.