About jovitatou

This author has not yet filled in any details.
So far jovitatou has created 3 blog entries.
27 2025-05

Information Security Tips (May 2025) – How to Prevent AI Deepfake Scams?

2025-05-27T09:52:43+08:00

To: All Users

Deepfakes refer to audio or video content that has been digitally manipulated using AI (Artificial Intelligence) deep learning to convincingly imitate a person’s face, voice, or behavior. While this technology has legitimate applications, it is increasingly being exploited by scammers to impersonate individuals—such as corporate executives during video calls—to deceive others and commit fraud. These scams can lead to financial loss, reputational damage, or misinformation, and similar cases have already occurred in Macau.

5 Tips to Protect Yourself from Deepfake Scams:

  1. Stay Alert:
    • Always be cautious of videos and audio you receive online. Seeing is not believing. Treat unexpected or suspicious content with skepticism.
  2. Verify Through Multiple Sources:
    • Check if the information is reported by other reliable sources, such as official channels or reputable news outlets. If it comes from only one source, it may be fabricated.
  3. Watch for Irregularities:
    • Even though deepfakes are becoming more realistic, there are still telltale signs.
      • Facial expressions or lip-syncing that don’t match the audio
      • Unnatural movements or gestures
      • Unusual voice pitch or inconsistent tone
      • Skin tone or lighting that looks off or unnatural
        These can all indicate manipulated media.
  4. Be Extra Cautious with Money Requests:
    • If you receive urgent instructions to transfer money—especially from a supposed boss or family member—pause and verify their identity directly, preferably through another channel like a phone call.
  5. Hang up on unknown video/voice invitations:
    • If you receive a call or video conference invitation from an unknown number, especially if the caller claims an identity but you can’t immediately verify it, hang up immediately to avoid falling into a Deepfake scam. If the person continues to harass you or makes you feel uncomfortable, consider blocking that number/user account to protect yourself.

Deepfake technology poses real threats, but with awareness and careful verification, you can protect yourself. If you suspect you’ve encountered a deepfake scam, report it to the police or seek assistance immediately.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

所謂 Deepfake(深度偽造),是指騙徒透過人工智能(AI)中的深度學習技術,模仿他人的面部表情、聲音特徵等,製作出以假亂真的影片或音訊。雖然這項技術有合法的應用,但它越來越多地被詐騙者利用來偽裝成他人進行詐騙,例如冒充公司高層在視像會議中要求員工匯款,又或者製作虛假新聞影像,誤導大眾。隨著 Deepfake 技術日益成熟,相關詐騙手法在本澳亦已出現,值得大家提高警覺。

防範 Deepfake 詐騙的五個方法:

  1. 保持警惕:
    • 對任何來自網絡的影片或錄音資料要有懷疑精神,眼見不一定為實。尤其是當中牽涉到金錢或敏感資訊時,更應小心。
  2. 查證多個資訊來源:
    • 收到資訊後,可於網上搜尋是否有其他可靠媒體或官方消息來源作佐證。若只有單一來源,可信度存疑
  3. 留意異常細節:

    • 雖然 Deepfake 效果愈來愈逼真,但仍可能出現瑕疵,例如:

      • 面部表情或嘴形與語音不同步
      • 動作不自然
      • 聲音音調怪異或忽高忽低
      • 膚色與光線不一致

      這些都是判斷影片是否被偽造的線索。

  4. 涉及金錢時要格外謹慎:
    • 如收到來歷不明、聲稱來自上司或親友的緊急匯款請求,應多方查證,包括直接聯絡當事人,切勿草率轉帳。
  5. 掛斷來歷不明的視像或語音邀請:
    • 若接到陌生來電或視像會議邀請,尤其對方聲稱身份但無法即時驗證,應立即掛斷,避免落入 Deepfake 詐騙陷阱。如果對方持續騷擾或令你感到冒犯,建議直接封鎖該號碼/帳號以保護自身安全。

Deepfake 技術雖強,但只要提高警覺、善用常識和多方查證,仍然可以有效防止受騙。如懷疑遇上詐騙,應即時向警方報案或尋求協助

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

參考資料:

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (May 2025) – How to Prevent AI Deepfake Scams?2025-05-27T09:52:43+08:00
19 2025-05

Important Notice: Beware of Email Scams Impersonating UM members

2025-05-19T10:39:45+08:00

To: All Users

Recently, some university members reported that someone is using external email addresses to impersonate them and send messages to students and other members of UM community. Please be vigilant and protect yourself from these scams!

Kindly note the following: 

  1. Watch Out for Emails sending from Outside of the University:  Check carefully the sender’s email address, especially if it comes from a domain other than UM (e.g., outlook.com, gmail.com.). Scammers often use email names similar to those of UM members, but with a different domain. You may look out for emails with “External Email Warning Tag”:
  2. Use University Email Whenever Possible: When communicating with professors, students, or administrative staff within UM, please use the official UM email address (@um.edu.mo, @connect.um.edu.mo) whenever possible.
  3. Verify Suspicious Emails: If you receive a suspicious email, please verify its authenticity with the sender by phone or in person.
  4. Report Losses Immediately: If you suffer financial or other losses due to this fraud, please report it to the judicial police immediately.
  5. Protect Your Personal Information: Do not click unknown links or download suspicious attachments, to avoid revealing sensitive personal information.
  6. Report Suspicious Activity: If you discover any suspicious emails or fraudulent activity, please contact the ICTO Help Desk immediately.

Thank you for your cooperation in maintaining a secure campus network!

Reference:

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

近期,有大學人員報告稱發現有人利用外部電郵冒用其身份,向學生或其他大學成員發送信息。請各位提高警惕,謹防詐騙。

請注意以下:

  1. 警惕校外僞冒身份郵件:仔細核對發件人郵箱地址,特別是來自校外域名(如outlook.com, gmail.com等)的郵件。 冒充者可能會使用與校內人員相似的郵箱名稱(用戶名),但域名不同,您可以留意郵件是否附有「外來電郵警示標籤」:
  2. 優先使用學校郵箱溝通:校內在與老師、同學或行政人員溝通時,請儘量使用大學提供的官方郵箱(@um.edu.mo, @connect.um.edu.mo
  3. 如有疑問,請核實: 如果您收到可疑郵件,請通過電話或親身與發件人確認信息的真實性
  4. 遭遇損失,請及時報案: 如果您因對方的詐騙行爲遭受經濟或其他損失,請立即向司法機關報案
  5. 保護個人信息: 不要隨意點擊不明鏈接或下載附件,避免洩露個人敏感信息。
  6. 通報可疑行為: 如果您發現任何可疑郵件或詐騙行為,請及時聯絡資訊及通訊科技部服務中心。

感謝您的配合,共同維護校園網絡安全!

參考資料:

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Beware of Email Scams Impersonating UM members2025-05-19T10:39:45+08:00
16 2025-05

Important Notice: Security vulnerabilities of Microsoft (updated at 16 May 2025)

2025-05-16T17:30:24+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its May security update notice, there are 78 vulnerability updates this time.

The updates this time mainly cover the following components:  Windows Routing and Remote Access Service (RRAS), Windows Virtual Machine Bus, Windows Installer, Windows Drivers, Windows File Server, Azure, Windows Win32K – GRFX, Microsoft Scripting Engine products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Scripting Engine Memory Corruption Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706

  • Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701

  • Microsoft DWM Core Library Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30400

  • Microsoft Office Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30386
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30377

  • Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29833

  • Remote Desktop Client Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29966
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29967

For more details about Microsoft May Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-May

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 5月安全更新通告,此次包含了 78個漏洞更新

此次釋出的更新主要涵蓋了以下組件: Windows Routing and Remote Access Service (RRAS), Windows Virtual Machine Bus, Windows Installer, Windows Drivers, Windows File Server, Azure, Windows Win32K – GRFX, Microsoft Scripting Engine 等產品的漏洞。

漏洞詳情:

  • Windows 腳本引擎記憶體損壞漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397

  • Windows 通用日誌檔案系統驅動程式許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706

  • Windows Ancillary Function Driver for WinSock 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709

  •   Windows 通用日誌檔案系統驅動程式許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701

  • Windows DWM 核心庫許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30400

  • Microsoft Office 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30386
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30377

  • Microsoft Virtual Machine Bus(VMBus)遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29833

  •  遠端桌面用戶端遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29966
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29967

Microsoft 5月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-May

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 16 May 2025)2025-05-16T17:30:24+08:00
30 2025-04

Important Notice: Security vulnerability of Google Chrome browser (updated at 30 April 2025)

2025-05-30T00:01:10+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued a zero-day security vulnerability about Chrome browser.  This vulnerability is widely exploited.

  • Please update to Google Chrome version 134.0.6998.177 or later

For more details, please refer to:  https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

Steps to update Google Chrome browser

  • Open your Google Chrome browser on your desktop.
  • Click the three vertical dots in the upper right corner to open the dropdown menu.
  • Select “Settings“.
  • Click “About Chrome” on the left-hand sidebar.
  • Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
  • Restart the Chrome.

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Google官方 近日發出有關於 Chrome 瀏覽器的一個零日安全漏洞,該漏洞亦正在被廣泛利用。

  • 請更新至 Google Chrome  134.0.6998.177 或之後版本

有關詳情可參考:https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

更新Google Chrome瀏覽器”步驟

  • 在電腦上開啟 Chrome;
  • 按下右上方的 [更多](垂直三點圖示) ;
  • 按下 [設定] ;
  • 在左方菜單,按下[關於 Google Chrome];
  • Chrome瀏覽器會自動進行更新,或可手動按下 [更新 Google Chrome] 進行更新;
  • 重新啟動Chrome瀏覽器。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerability of Google Chrome browser (updated at 30 April 2025)2025-05-30T00:01:10+08:00
10 2025-04

Important Notice: Security vulnerabilities of Microsoft (updated at 10 April 2025)

2025-05-10T00:00:51+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its April security update notice, there are 126 vulnerability updates this time.

The updates this time mainly cover the following components:  Windows Hyper-V, Remote Desktop Gateway Service, Windows Routing and Remote Access Service (RRAS), Windows Common Log File System Driver, Windows TCP/IP, Visual Studio, Windows Active Directory Certificate Services, Windows Kerberos, Windows Kernel products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27480
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27482

  • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26670
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26663 

  • Windows Hyper-V Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27491

  • Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29791
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27752 

  • Microsoft Office Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27749
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27748
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27745 

  • Windows TCP/IP Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26686

For more details about Microsoft April Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 4月安全更新通告,此次包含了 126個漏洞更新

此次釋出的更新主要涵蓋了以下組件: Windows Hyper-V, Remote Desktop Gateway Service, Windows Routing and Remote Access Service (RRAS), Windows Common Log File System Driver, Windows TCP/IP, Visual Studio, Windows Active Directory Certificate Services, Windows Kerberos, Windows Kernel 等產品的漏洞。

漏洞詳情:

  •  Windows 通用日誌檔案系統驅動程式許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824

  • Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27480
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27482

  • Windows 輕量級目錄訪問協定 (LDAP)用戶端遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26670
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26663

  •   Windows Hyper-V 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27491

  •  Windows Excel 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29791
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27752

  • Microsoft Office 遠端代碼執行漏洞

有關詳情可參考: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27749
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27748
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27745 

  • Windows TCP/IP 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26686

Microsoft 4月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 10 April 2025)2025-05-10T00:00:51+08:00
21 2025-03

Information Security Tips (Mar 2025) – Importance of Using Passwords with Reasonable Length and Complexity

2025-04-18T00:00:31+08:00

To: All Users

In today’s digital world, our online accounts hold a vast amount of personal and professional information. Protecting this information is crucial, and one of the most effective methods is to use passwords with reasonable length and complexity. This approach can increase the difficulty for hackers to crack your passwords. In general standard, passwords are recommended to have at least 8 characters long, preferably 15 characters, and consider including uppercase and lowercase letters, numbers, and special characters.

Tips for Setting Passwords:

  1. Set Strong Passwords:
    • Passwords should have a specific length and complexity, or use long, easy-to-remember passphrases that are difficult for others to guess.
  2. Avoid Using Personal Information:
    • Do not use information that is easy for others to guess, such as your name, birthdate, pet’s name, or common words.
  3. Avoid Reusing Passwords:
    • Do not reuse the same password across multiple accounts. If one account is compromised, all other accounts using the same username and password are at risk.
  4. Enable Two-Factor Authentication (2FA):
    • Whenever possible, enable 2FA service to add an extra layer of security.
  5. Regularly Check Account and Password Safety:
    • It is recommended to regularly check the safety of your accounts and passwords, and change them promptly if you suspect they have been compromised.

By following these tips and developing the habit of using passwords with reasonable length and complexity, you can protect the security of your accounts and information.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

在現今的數位世界中,我們的網上帳戶存有大量的個人和專業資訊。保護這些資訊至關重要,最有效的方法之一就是使用合理長度及複雜性的密碼,這樣可以增加駭客破解密碼的難度。一般標準建議密碼至少包含8個字符,最好為15個字符,可考慮包括大小寫字母、數字和特殊字符。

設定密碼的提示:

  1. 設定強度足夠的密碼:
    • 密碼應具有特定的長度和複雜性,或使用長且易記但難以被他人猜測的密碼短語。
  2. 避免使用個人資訊:
    • 不要使用容易被他人猜到的資訊,如您的姓名、出生日期、寵物的名字或常見詞彙。
  3. 避免使用相同的密碼:
    • 不要在多個帳戶中重複使用相同的密碼。如果其中一個帳戶被洩露,您的其他使用相同用戶名及密碼的帳戶都處於風險中。
  4. 雙重身份驗證 (2FA):
    •  盡可能啟用雙重身份驗證 (2FA)服務,這樣可以增加一重額外的保障。
  5. 定期更新密碼:
    • 建議定期檢查帳戶及密碼的安全性,並在懷疑密碼洩露時及時更改。

按照上述提示並養成使用合理長度及複雜性密碼的習慣,您可以保護您的帳戶安全及資訊。

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

參考資料:

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (Mar 2025) – Importance of Using Passwords with Reasonable Length and Complexity2025-04-18T00:00:31+08:00
12 2025-03

Important Notice: Security vulnerabilities of Microsoft (updated at 12 March 2025)

2025-04-12T00:00:25+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its March security update notice, there are 56 vulnerability updates this time.

The updates this time mainly cover the following components:  Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server products vulnerabilities.

Details of the vulnerabilities: 

  • Microsoft Management Console Security Feature Bypass Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633

  • Windows NTFS Information Disclosure Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991

  • Windows NTFS Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993

  • Windows Fast FAT File System Driver Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985

  • Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26645

  • Windows exFAT File System Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21180

For more details about Microsoft March Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 3月安全更新通告,此次包含了 56個漏洞更新

此次釋出的更新主要涵蓋了以下組件:Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, Hyper-V Server 等產品的漏洞。

漏洞詳情:

  •  Microsoft 管理主控台安全功能繞過漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633

  • Windows NTFS 資訊洩露漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991

  • Windows NTFS 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993

  •   Windows FAST FAT 檔案系統驅動程式遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985

  • Windows Win32 內核子系統許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983

  • Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26645

  • Windows exFAT 檔案系統遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21180

Microsoft 3月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 12 March 2025)2025-04-12T00:00:25+08:00
12 2025-02

Important Notice: Security vulnerabilities of Microsoft (updated at 12 February 2025)

2025-03-12T00:00:59+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its February security update notice, there are 63 vulnerability updates this time.

The updates this time mainly cover the following components:  Microsoft Streaming Service, Windows LDAP – Lightweight Directory Access Protocol, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), Microsoft PC Manager products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418

  • Windows Storage Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391

  • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21376

  • Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21381

  • DHCP Client Service Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21379

  • Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21177

  • Windows Core Messaging Elevation of Privileges Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21414
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21358
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21184

For more details about Microsoft February Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 2月安全更新通告,此次包含了 63個漏洞更新

此次釋出的更新主要涵蓋了以下組件:Microsoft Streaming Service, Windows LDAP – Lightweight Directory Access Protocol, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), Microsoft PC Manager 等產品的漏洞。

漏洞詳情:

  •  Windows 協助工具驅動程式 WinSock 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418

  •  Windows OLE 存儲許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391

  •  Windows 羽量級目錄訪問協定( LDAP) 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21376

  •   Microsoft Excel 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21381

  • DHCP 用戶端服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21379

  •  Microsoft Dynamics 365 Sales 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21177

  •  Windows Core Messaging 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21414
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21358
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21184

Microsoft 2月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 12 February 2025)2025-03-12T00:00:59+08:00
17 2025-01

Information Security Tips (Jan 2025) – Protecting Campus Information Security

2025-02-16T00:00:39+08:00

To: All Users

Information security is essential for protecting our personal data and the university’s confidential information. We need to work together to ensure our data and privacy are not threatened. Here are some security tips to help everyone to maintain campus information security:

  1. Protect Information Security:
    • Do not engage in or attempt any actions that could harm the information security of any network, information, or communication systems or facilities within or outside the university.
  2. Maintain Security Measures:
    • Do not disable, interfere with, or remove security measures of information and communication systems or facilities on campus without authorization.
  3. Use Software Legally:
    • Ensure all software is legally obtained and has the necessary licenses. Unauthorized software should be removed immediately.
  4. Ensure Authorized Access:
    • Use authorized accounts to access any computer systems within or outside the campus. Do not use unauthorized accounts or impersonate others.
  5. Follow Account and Password Guidelines:
    • Keep passwords secure, do not write them down where others can easily access or see them, change them regularly, use strong passwords, and enable two-factor authentication for added protection.
  6. Comply with University Policies and Macau Laws:

Please be reminded that any illegal actions, whether intentional or unintentional, will lead to serious consequences for both individuals and the university, and result in legal liability.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊安全對於保護我們的個人資料和大學的機密信息至關重要。我們需要一起努力,確保我們的數據和隱私不受威脅。
以下是一些簡單的安全小貼士,幫助大家一起維護校園資訊安全:

  1. 保護資訊安全:
    • 切勿對大學校內及校外任何網絡、資訊及通訊系統或設施,進行或企圖進行任何危害資訊安全的行為
  2. 維護安全措施:
    • 請勿擅自停用、干擾或移除校園內資訊和通訊系統或設施的安全措施。
  3. 合法使用軟件:
    • 確保所有軟件均合法獲得並擁相關許可證證明,未經授權使用的軟件應立即移除。
  4. 確保授權訪問:
    • 請確保使用經授權的帳戶來訪問校內外的任何電腦系統,切勿使用未經授權的帳戶或盜用他人身份。
  5. 遵守帳戶和密碼指南:
    • 保持密碼安全,不應寫下並放在他人容易接觸或看到的地方,定期更改並使用強密碼,啟用雙重身份驗證以增加保護。
  6. 嚴守大學政策及本澳法律:

請謹記,不論是有意還是無意,任何違法行為不僅會對個人和大學造成嚴重後果,還可能面臨法律責任。

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

參考資料:

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (Jan 2025) – Protecting Campus Information Security2025-02-16T00:00:39+08:00
16 2025-01

Important Notice: Security vulnerabilities of Microsoft (updated at 16 January 2025)

2025-02-16T00:01:38+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its January security update notice, there is 159 vulnerability updates this time.

The updates this time mainly cover the following components:  .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot products vulnerabilities.

Details of the vulnerabilities: 

  •  Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335

  •  Windows OLE Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298

  •  Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297

  • BranchCache Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296

  • Microsoft Office Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365

For more details about Microsoft January Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 1月安全更新通告,此次包含了 159個漏洞更新

此次釋出的更新主要涵蓋了以下組件: .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot 等產品的漏洞。

漏洞詳情:

  •  Windows Hyper-V NT Kernel Integration VSP 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335

  •  Windows OLE 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298

  •  Microsoft Excel 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362

  •  Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297

  •  BranchCache 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296

  •  Microsoft Office 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365

Microsoft 1月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 16 January 2025)2025-02-16T00:01:38+08:00
© University of Macau
Go to Top