The latest information on road closures, construction delays, changes to operating status, or other unusual events on campus.
Performance Issue - Some LastPass users receiving multiple notifications
Some users are receiving two DUO push notifications when signing into LastPass.
Portion of Cradit Farm Drive Closed 9/21/21 - 11/15/21
Security Alert - Linux servers at Azure vulnerabilities - patch now
On September 14th, 2021 Microsoft released patches to mitigate the effects of four new vulnerabilities for Linux servers hosted in Azure. The root cause of these vulnerabilities is found in the Open Management Infrastructure (OMI) agent that’s embedded in many popular Azure services. The Cornell IT Security office recommends immediate patching of any vulnerable assets. For customers of CIT's Managed Server Service - mitigations are already in place for Linux servers at Azure. The CVEs in scope for this alert are: CVE-2021-38647 – Unauthenticated root code execution as root (Severity: 9.8) CVE-2021-38648 – Privilege Escalation vulnerability (Severity: 7.8) CVE-2021-38645 – Privilege Escalation vulnerability (Severity: 7.8) CVE-2021-38649 – Privilege Escalation vulnerability (Severity: 7.0) To determine if your host is vulnerable connect to your Azure VMs and run the commands below in your terminal to ensure OMI is updated to the latest version: For Debian systems (e
Performance Issue - Some Zoom users report invalid meeting IDs
Some users have reported issues with Zoom meetings returning invalid meeting IDs. These invalid ID errors appear to result from recurring meetings created through the Zoom website whose invite text or details have been pasted into an Outlook calendar entry that is not a recurring calendar event. It may also result from the pasted event using a different title than the original Zoom meeting. For users who have the Office integration enabled in their Zoom profile, pasting the invite text or details of a Zoom meeting invitation from a recurring Zoom meeting into a non-recurring Outlook calendar entry will result in the integration changing the Zoom meeting from recurring to one-time and updating the title / topic to match the calendar entry. Zoom reports that this is intended behavior and their documentation warns that when pasting a recurring meeting into Outlook, users must make sure the Outlook calendar entry is also set to recurring. Otherwise, the above setting changes will tak
Security Alert - Urgent Apple vulnerability patch - Apply now
Apple has released an urgent security update for Mac, iPhone, iPad and Watch users related to CVE-2021-30860 The Citizen Lab. The Cornell IT Security Office recommends immediately applying this update to any affected devices. CVE-2021-30860 "The Citizen Lab" allows attackers to run commands on vulnerable systems without any user interaction. Successful exploitation of this vulnerability gives access to a device's camera, microphone, messages, texts, emails, calls and more. This update is currently available to all Cornell managed and un-managed Apple devices. Please update your devices immediately. External Links: https://support.apple.com/en-us/HT201222 https://www.zdnet.com/article/apple-releases-update-fixing-nso-spyware-vulnerability-affecting-macs-iphones-ipads-and-watches/
Performance Issue - Newly Hired Employees Not Provisioned Office 365 A3 Licenses
The university is running low on Office 365 A3 licenses, meaning some new employees may not be fully licensed. When this occurs, the account can't get Office 365 Pro Plus or administer Bookings sites. If this happens, contact the IT Service Desk for the license.