About jovitatou

This author has not yet filled in any details.
So far jovitatou has created 2 blog entries.
30 2025-04

Important Notice: Security vulnerability of Google Chrome browser (updated at 30 April 2025)

2025-04-30T16:34:40+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued a zero-day security vulnerability about Chrome browser.  This vulnerability is widely exploited.

  • Please update to Google Chrome version 134.0.6998.177 or later

For more details, please refer to:  https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

Steps to update Google Chrome browser

  • Open your Google Chrome browser on your desktop.
  • Click the three vertical dots in the upper right corner to open the dropdown menu.
  • Select “Settings“.
  • Click “About Chrome” on the left-hand sidebar.
  • Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
  • Restart the Chrome.

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Google官方 近日發出有關於 Chrome 瀏覽器的一個零日安全漏洞,該漏洞亦正在被廣泛利用。

  • 請更新至 Google Chrome  134.0.6998.177 或之後版本

有關詳情可參考:https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

更新Google Chrome瀏覽器”步驟

  • 在電腦上開啟 Chrome;
  • 按下右上方的 [更多](垂直三點圖示) ;
  • 按下 [設定] ;
  • 在左方菜單,按下[關於 Google Chrome];
  • Chrome瀏覽器會自動進行更新,或可手動按下 [更新 Google Chrome] 進行更新;
  • 重新啟動Chrome瀏覽器。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerability of Google Chrome browser (updated at 30 April 2025)2025-04-30T16:34:40+08:00
10 2025-04

Important Notice: Security vulnerabilities of Microsoft (updated at 10 April 2025)

2025-04-10T10:30:18+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its April security update notice, there are 126 vulnerability updates this time.

The updates this time mainly cover the following components:  Windows Hyper-V, Remote Desktop Gateway Service, Windows Routing and Remote Access Service (RRAS), Windows Common Log File System Driver, Windows TCP/IP, Visual Studio, Windows Active Directory Certificate Services, Windows Kerberos, Windows Kernel products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27480
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27482

  • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26670
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26663 

  • Windows Hyper-V Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27491

  • Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29791
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27752 

  • Microsoft Office Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27749
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27748
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27745 

  • Windows TCP/IP Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26686

For more details about Microsoft April Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 4月安全更新通告,此次包含了 126個漏洞更新

此次釋出的更新主要涵蓋了以下組件: Windows Hyper-V, Remote Desktop Gateway Service, Windows Routing and Remote Access Service (RRAS), Windows Common Log File System Driver, Windows TCP/IP, Visual Studio, Windows Active Directory Certificate Services, Windows Kerberos, Windows Kernel 等產品的漏洞。

漏洞詳情:

  •  Windows 通用日誌檔案系統驅動程式許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824

  • Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27480
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27482

  • Windows 輕量級目錄訪問協定 (LDAP)用戶端遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26670
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26663

  •   Windows Hyper-V 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27491

  •  Windows Excel 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29791
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27752

  • Microsoft Office 遠端代碼執行漏洞

有關詳情可參考: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27749
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27748
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-27745 

  • Windows TCP/IP 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26686

Microsoft 4月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 10 April 2025)2025-04-10T10:30:18+08:00
21 2025-03

Information Security Tips (Mar 2025) – Importance of Using Passwords with Reasonable Length and Complexity

2025-04-18T00:00:31+08:00

To: All Users

In today’s digital world, our online accounts hold a vast amount of personal and professional information. Protecting this information is crucial, and one of the most effective methods is to use passwords with reasonable length and complexity. This approach can increase the difficulty for hackers to crack your passwords. In general standard, passwords are recommended to have at least 8 characters long, preferably 15 characters, and consider including uppercase and lowercase letters, numbers, and special characters.

Tips for Setting Passwords:

  1. Set Strong Passwords:
    • Passwords should have a specific length and complexity, or use long, easy-to-remember passphrases that are difficult for others to guess.
  2. Avoid Using Personal Information:
    • Do not use information that is easy for others to guess, such as your name, birthdate, pet’s name, or common words.
  3. Avoid Reusing Passwords:
    • Do not reuse the same password across multiple accounts. If one account is compromised, all other accounts using the same username and password are at risk.
  4. Enable Two-Factor Authentication (2FA):
    • Whenever possible, enable 2FA service to add an extra layer of security.
  5. Regularly Check Account and Password Safety:
    • It is recommended to regularly check the safety of your accounts and passwords, and change them promptly if you suspect they have been compromised.

By following these tips and developing the habit of using passwords with reasonable length and complexity, you can protect the security of your accounts and information.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

在現今的數位世界中,我們的網上帳戶存有大量的個人和專業資訊。保護這些資訊至關重要,最有效的方法之一就是使用合理長度及複雜性的密碼,這樣可以增加駭客破解密碼的難度。一般標準建議密碼至少包含8個字符,最好為15個字符,可考慮包括大小寫字母、數字和特殊字符。

設定密碼的提示:

  1. 設定強度足夠的密碼:
    • 密碼應具有特定的長度和複雜性,或使用長且易記但難以被他人猜測的密碼短語。
  2. 避免使用個人資訊:
    • 不要使用容易被他人猜到的資訊,如您的姓名、出生日期、寵物的名字或常見詞彙。
  3. 避免使用相同的密碼:
    • 不要在多個帳戶中重複使用相同的密碼。如果其中一個帳戶被洩露,您的其他使用相同用戶名及密碼的帳戶都處於風險中。
  4. 雙重身份驗證 (2FA):
    •  盡可能啟用雙重身份驗證 (2FA)服務,這樣可以增加一重額外的保障。
  5. 定期更新密碼:
    • 建議定期檢查帳戶及密碼的安全性,並在懷疑密碼洩露時及時更改。

按照上述提示並養成使用合理長度及複雜性密碼的習慣,您可以保護您的帳戶安全及資訊。

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

參考資料:

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (Mar 2025) – Importance of Using Passwords with Reasonable Length and Complexity2025-04-18T00:00:31+08:00
12 2025-03

Important Notice: Security vulnerabilities of Microsoft (updated at 12 March 2025)

2025-04-12T00:00:25+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its March security update notice, there are 56 vulnerability updates this time.

The updates this time mainly cover the following components:  Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server products vulnerabilities.

Details of the vulnerabilities: 

  • Microsoft Management Console Security Feature Bypass Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633

  • Windows NTFS Information Disclosure Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991

  • Windows NTFS Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993

  • Windows Fast FAT File System Driver Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985

  • Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26645

  • Windows exFAT File System Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21180

For more details about Microsoft March Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 3月安全更新通告,此次包含了 56個漏洞更新

此次釋出的更新主要涵蓋了以下組件:Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, Hyper-V Server 等產品的漏洞。

漏洞詳情:

  •  Microsoft 管理主控台安全功能繞過漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633

  • Windows NTFS 資訊洩露漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991

  • Windows NTFS 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993

  •   Windows FAST FAT 檔案系統驅動程式遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985

  • Windows Win32 內核子系統許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983

  • Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26645

  • Windows exFAT 檔案系統遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21180

Microsoft 3月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 12 March 2025)2025-04-12T00:00:25+08:00
12 2025-02

Important Notice: Security vulnerabilities of Microsoft (updated at 12 February 2025)

2025-03-12T00:00:59+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its February security update notice, there are 63 vulnerability updates this time.

The updates this time mainly cover the following components:  Microsoft Streaming Service, Windows LDAP – Lightweight Directory Access Protocol, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), Microsoft PC Manager products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418

  • Windows Storage Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391

  • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21376

  • Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21381

  • DHCP Client Service Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21379

  • Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21177

  • Windows Core Messaging Elevation of Privileges Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21414
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21358
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21184

For more details about Microsoft February Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 2月安全更新通告,此次包含了 63個漏洞更新

此次釋出的更新主要涵蓋了以下組件:Microsoft Streaming Service, Windows LDAP – Lightweight Directory Access Protocol, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), Microsoft PC Manager 等產品的漏洞。

漏洞詳情:

  •  Windows 協助工具驅動程式 WinSock 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418

  •  Windows OLE 存儲許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391

  •  Windows 羽量級目錄訪問協定( LDAP) 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21376

  •   Microsoft Excel 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21381

  • DHCP 用戶端服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21379

  •  Microsoft Dynamics 365 Sales 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21177

  •  Windows Core Messaging 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21414
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21358
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21184

Microsoft 2月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 12 February 2025)2025-03-12T00:00:59+08:00
17 2025-01

Information Security Tips (Jan 2025) – Protecting Campus Information Security

2025-02-16T00:00:39+08:00

To: All Users

Information security is essential for protecting our personal data and the university’s confidential information. We need to work together to ensure our data and privacy are not threatened. Here are some security tips to help everyone to maintain campus information security:

  1. Protect Information Security:
    • Do not engage in or attempt any actions that could harm the information security of any network, information, or communication systems or facilities within or outside the university.
  2. Maintain Security Measures:
    • Do not disable, interfere with, or remove security measures of information and communication systems or facilities on campus without authorization.
  3. Use Software Legally:
    • Ensure all software is legally obtained and has the necessary licenses. Unauthorized software should be removed immediately.
  4. Ensure Authorized Access:
    • Use authorized accounts to access any computer systems within or outside the campus. Do not use unauthorized accounts or impersonate others.
  5. Follow Account and Password Guidelines:
    • Keep passwords secure, do not write them down where others can easily access or see them, change them regularly, use strong passwords, and enable two-factor authentication for added protection.
  6. Comply with University Policies and Macau Laws:

Please be reminded that any illegal actions, whether intentional or unintentional, will lead to serious consequences for both individuals and the university, and result in legal liability.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊安全對於保護我們的個人資料和大學的機密信息至關重要。我們需要一起努力,確保我們的數據和隱私不受威脅。
以下是一些簡單的安全小貼士,幫助大家一起維護校園資訊安全:

  1. 保護資訊安全:
    • 切勿對大學校內及校外任何網絡、資訊及通訊系統或設施,進行或企圖進行任何危害資訊安全的行為
  2. 維護安全措施:
    • 請勿擅自停用、干擾或移除校園內資訊和通訊系統或設施的安全措施。
  3. 合法使用軟件:
    • 確保所有軟件均合法獲得並擁相關許可證證明,未經授權使用的軟件應立即移除。
  4. 確保授權訪問:
    • 請確保使用經授權的帳戶來訪問校內外的任何電腦系統,切勿使用未經授權的帳戶或盜用他人身份。
  5. 遵守帳戶和密碼指南:
    • 保持密碼安全,不應寫下並放在他人容易接觸或看到的地方,定期更改並使用強密碼,啟用雙重身份驗證以增加保護。
  6. 嚴守大學政策及本澳法律:

請謹記,不論是有意還是無意,任何違法行為不僅會對個人和大學造成嚴重後果,還可能面臨法律責任。

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

參考資料:

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (Jan 2025) – Protecting Campus Information Security2025-02-16T00:00:39+08:00
16 2025-01

Important Notice: Security vulnerabilities of Microsoft (updated at 16 January 2025)

2025-02-16T00:01:38+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its January security update notice, there is 159 vulnerability updates this time.

The updates this time mainly cover the following components:  .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot products vulnerabilities.

Details of the vulnerabilities: 

  •  Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335

  •  Windows OLE Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298

  •  Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297

  • BranchCache Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296

  • Microsoft Office Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365

For more details about Microsoft January Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 1月安全更新通告,此次包含了 159個漏洞更新

此次釋出的更新主要涵蓋了以下組件: .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot 等產品的漏洞。

漏洞詳情:

  •  Windows Hyper-V NT Kernel Integration VSP 許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335

  •  Windows OLE 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298

  •  Microsoft Excel 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362

  •  Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297

  •  BranchCache 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296

  •  Microsoft Office 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365

Microsoft 1月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 16 January 2025)2025-02-16T00:01:38+08:00
18 2024-12

New Feature of Email Services- External Email Warning Tag

2025-01-16T00:00:14+08:00

To: All Users

Recently, it is found that the number of phishing attempts targeting the University is increasing. In order to strengthen email security and raise users’ awareness on phishing email, starting from 8 January 2025, a warning tag will be displayed in every incoming email from outsiders.

External email warning tag helps to alert users from clicking malicious links in phishing emails sent by external senders. 

Sample of the warning tag: 

Stay vigilant! When it comes to financial transactions or personal information, please verify the identity of the sender.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

最近針對大學的網絡釣魚攻擊有所增加,為了增強電郵的安全性並提高用戶對網路釣魚電郵的,從 2025 年 1 月 8 日開始,所有來自外部的電郵都會顯示警示標籤。

外部電郵警示標籤有助於提醒用戶不要點擊由外部寄件者發送的網路釣魚電郵中的惡意連結

警示標籤樣本:

保持警惕! 當涉及金融交易或個人資訊時,請必須驗證發送者的身分。

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

New Feature of Email Services- External Email Warning Tag2025-01-16T00:00:14+08:00
12 2024-12

Important Notice: Security vulnerabilities of Microsoft (updated at 11 December 2024)

2025-01-12T00:00:38+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its December security update notice, there is 72 vulnerability updates this time.

The updates this time mainly cover the following components: Microsoft Defender for Endpoint, Windows Hyper-VWindows Cloud Files Mini Filter DriverWindows Remote DesktopWindows Message QueuingWindows Mobile BroadbandWindows KernelMode Drivers products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49088
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49090 

  • Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49122
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49118

  • Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49124

  • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49127

  • Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49123
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49105
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49116
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49132
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49120 


For more details about Microsoft December Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發了 12 月安全更新通告,此次包含了 72個漏洞更新

此次釋出的更新主要涵蓋了以下組件: Microsoft Defender for Endpoint, Windows Hyper-VWindows Cloud Files Mini Filter DriverWindows Remote DesktopWindows Message QueuingWindows Mobile BroadbandWindows KernelMode Drivers 等產品的漏洞。

漏洞詳情:

  •  Windows 通用日誌檔案系統驅動程式許可權提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49088
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49090

  •  Microsoft 訊息佇列(MSMQ)遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49122
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49118

  •  羽量級目錄訪問協定(LDAP)用戶端遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49124

  •  Windows 羽量級目錄訪問協定(LDAP)遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49127

  •  Windows 遠端桌面服務遠端代碼執行漏洞

有關詳情可參考: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49123
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49105
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49116
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49132
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49120 

Microsoft 12 月更新有關詳情可參考: https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of Microsoft (updated at 11 December 2024)2025-01-12T00:00:38+08:00
11 2024-12

Cybersecurity Promotion Activity – Lucky Draw Winners

2025-01-10T00:00:38+08:00

The Cybersecurity Promotion Activity organized by ICTO was completed successfully on 30 November 2024 . We are grateful for the great support from all the students. The lucky draw was held at 3:30 pm on 6 December 2024 at N6 Administration Building, witnessed by representatives from the Student Affairs Office (SAO). The winners are:

Prize

Student No.

Remarks

Xiaomi Pad 6

MC447XXX

Winners will be notified individually via e-email for prize collection arrangements. The prize can be collected at ICTO (Address: N6-2017, Administration Building). 

*If the winner cannot be reached by 30 December 2024, ICTO reserves the right to disqualify the winner.

 

 

Huawei Free Clip

MC352XXX

Xiaomi Smart Band 9

MC462XXX

 

Winners of MOP40 Printing Quota are as below:

Winners (Student No.)

Remarks

1

YC272XXX

Winners will be notified individually via e-email. The Printing quota balance will be automatically topped up with MOP 40 on or before 13 December, 2024.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2

YC477XXX

3

BC411XXX

4

MC337XXX

5

AC117XXX

6

MC457XXX

7

MC466XXX

8

YC374XXX

9

YC470XXX

10

YC277XXX
11

YC486XXX
12

SC221XXX
13

MC442XXX
14

BC409XXX
15

MC465XXX
16

MC454XXX
17

MC346XXX
18

MC347XXX
19

BC105XXX
20

MC466XXX

Congratulations to the above winners!

Should you have any enquiries, please feel free to contact  icto.security@um.edu.mo.

Information and Communication Technology Office

由資訊及通訊科技部舉辦的網絡安全推廣活動己於2024年11月30日圓滿結束,感謝同學們的大力支持。抽獎環節在學生事務部代表的見證下,已於日前(12月6日)下午3:30於N6行政樓舉行,得獎者名單如下:

奬品

學生編號

備註

Xiaomi Pad 6

MC447XXX

上述得獎者將由專人透過電郵通知;領獎地點為澳門大學行政樓資訊及通訊科技部 (N6-2017)。

*若2024年12月30日前未能聯繫有關得獎者,資訊及通訊科技部有權取消其得獎資格

 

 

Huawei Free Clip

MC352XXX

Xiaomi Smart Band 9

MC462XXX

 

澳門幣40打印限額得獎者名單如下:

得獎者 (學生編號)

備註

1

YC272XXX

得獎者將由專人透過電郵通知;我們將於2024年12月13日或之前為得奬者的打印配額餘額自動充值澳門幣40

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2

YC477XXX

3

BC411XXX

4

MC337XXX

5

AC117XXX

6

MC457XXX

7

MC466XXX

8

YC374XXX

9

YC470XXX

10

YC277XXX
11

YC486XXX
12

SC221XXX
13

MC442XXX
14

BC409XXX
15

MC465XXX
16

MC454XXX
17

MC346XXX
18

MC347XXX
19

BC105XXX
20

MC466XXX

恭喜以上得獎者!

 

 

如有任何疑問,請隨時發送電子郵件至 icto.security@um.edu.mo 與我們聯絡。

資訊及通訊科技部

Cybersecurity Promotion Activity – Lucky Draw Winners2025-01-10T00:00:38+08:00
© University of Macau
Go to Top