To: All Users

In today’s digital world, our online accounts hold a vast amount of personal and professional information. Protecting this information is crucial, and one of the most effective methods is to use passwords with reasonable length and complexity. This approach can increase the difficulty for hackers to crack your passwords. In general standard, passwords are recommended to have at least 8 characters long, preferably 15 characters, and consider including uppercase and lowercase letters, numbers, and special characters.

Tips for Setting Passwords:

1. Set Strong Passwords:
   • Passwords should have a specific length and complexity, or use long, easy-to-remember passphrases that are difficult for others to guess.
2. Avoid Using Personal Information:
   • Do not use information that is easy for others to guess, such as your name, birthdate, pet’s name, or common words.
3. Avoid Reusing Passwords:
   • Do not reuse the same password across multiple accounts. If one account is compromised, all other accounts using the same username and password are at risk.
4. Enable Two-Factor Authentication (2FA):
   • Whenever possible, enable 2FA service to add an extra layer of security.
5. Regularly Check Account and Password Safety:
   • It is recommended to regularly check the safety of your accounts and passwords, and change them promptly if you suspect they have been compromised.

By following these tips and developing the habit of using passwords with reasonable length and complexity, you can protect the security of your accounts and information.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

• Two-Factor Authentication (2FA)
• How to choose a strong password?
• More information security laws, regulations, policies and guidelines
• How to download and install software in a secure manner

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its March security update notice, there are 56 vulnerability updates this time.

The updates this time mainly cover the following components:  Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server products vulnerabilities.

Details of the vulnerabilities: 

• Microsoft Management Console Security Feature Bypass Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633

• Windows NTFS Information Disclosure Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991

• Windows NTFS Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993

• Windows Fast FAT File System Driver Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985

• Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983

• Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24045
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24035
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26645

• Windows exFAT File System Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21180

For more details about Microsoft March Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its February security update notice, there are 63 vulnerability updates this time.

The updates this time mainly cover the following components:  Microsoft Streaming Service, Windows LDAP – Lightweight Directory Access Protocol, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), Microsoft PC Manager products vulnerabilities.

Details of the vulnerabilities: 

• Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21418

• Windows Storage Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21391

• Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21376

• Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21381

• DHCP Client Service Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21379

• Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21177

• Windows Core Messaging Elevation of Privileges Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21414
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21358
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21184

For more details about Microsoft February Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Information security is essential for protecting our personal data and the university’s confidential information. We need to work together to ensure our data and privacy are not threatened. Here are some security tips to help everyone to maintain campus information security:

1. Protect Information Security:
   • Do not engage in or attempt any actions that could harm the information security of any network, information, or communication systems or facilities within or outside the university.
2. Maintain Security Measures:
   • Do not disable, interfere with, or remove security measures of information and communication systems or facilities on campus without authorization.
3. Use Software Legally:
   • Ensure all software is legally obtained and has the necessary licenses. Unauthorized software should be removed immediately.
4. Ensure Authorized Access:
   • Use authorized accounts to access any computer systems within or outside the campus. Do not use unauthorized accounts or impersonate others.
5. Follow Account and Password Guidelines:
   • Keep passwords secure, do not write them down where others can easily access or see them, change them regularly, use strong passwords, and enable two-factor authentication for added protection.
6. Comply with University Policies and Macau Laws:
   • Be aware of and comply with relevant policies and regulations, such as the “Acceptable Use Policy on ICTO Computing Facilities, Campus Network and Internet”, “University Policy on Use of Computer Software within Campus”, “Law on Combating Computer Crime” and “Personal Data Protection Act”.

Please be reminded that any illegal actions, whether intentional or unintentional, will lead to serious consequences for both individuals and the university, and result in legal liability.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

Reference:

• Two-Factor Authentication (2FA)
• How to choose a strong password?
• More information security laws, regulations, policies and guidelines
• How to download and install software in a secure manner

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its January security update notice, there is 159 vulnerability updates this time.

The updates this time mainly cover the following components:  .NET, .NET and Visual Studio, Microsoft Windows Search Component, Windows Installer, Windows Kerberos, Windows Kernel Memory, Windows Remote Desktop Services, Windows Secure Boot products vulnerabilities.

Details of the vulnerabilities: 

•  Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335

•  Windows OLE Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21298

•  Microsoft Excel Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21354
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21362

• Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21309
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21297

• BranchCache Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21296

• Microsoft Office Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21365

For more details about Microsoft January Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Recently, it is found that the number of phishing attempts targeting the University is increasing. In order to strengthen email security and raise users’ awareness on phishing email, starting from 8 January 2025, a warning tag will be displayed in every incoming email from outsiders.

External email warning tag helps to alert users from clicking malicious links in phishing emails sent by external senders. 

Sample of the warning tag: 

Stay vigilant! When it comes to financial transactions or personal information, please verify the identity of the sender.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its December security update notice, there is 72 vulnerability updates this time.

The updates this time mainly cover the following components: Microsoft Defender for Endpoint, Windows Hyper-V、 Windows Cloud Files Mini Filter Driver、 Windows Remote Desktop、Windows Message Queuing、Windows Mobile Broadband、Windows KernelMode Drivers products vulnerabilities.

Details of the vulnerabilities: 

• Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49088
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49090 

• Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49122
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49118

• Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49124

• Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49127

• Windows Remote Desktop Services Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49123
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49105
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49116
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49132
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49120 

For more details about Microsoft December Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Recently, there are reports that several members of the Hong Kong Legislative Council have been defrauded and blackmailed by AI-generated explicit photos. Scammers use AI technology to generate fake images and blackmail them via email. To ensure everyone’s safety, please be aware of the following:

• Beware of Suspicious Emails: If you receive emails from someone claiming to be a private investigator or from other suspicious sources, please do not reply, click or forward any links to others.
• Report to the Police: If you have suffered financial loss or feel seriously threatened, please report to the Police immediately.

We have detected that similar scam emails have been received within the University. Please remain highly vigilant and protect both personal and University information.

If you have any questions or need assistance, please contact the ICTO Help Desk (Phone: 88228600, E-mail: icto.helpdesk@um.edu.mo) 

Related Links:

Beware of “AI face-changing” extortion emails and illegal use of personal information (Chinese Version Only)

https://www.gov.mo/zh-hant/news/1109512/

Hong Kong Lawmakers Blackmailed with AI-Generated Explicit Photos (Chinese Version Only)

https://www.modaily.cn/amucsite/web/index.html#/detail/9923919

Information and Communication Technology Office