The IT Platforms - Virtual, Infrastructure, and Storage team will be performing an upgrade of the F5 Big-IP Load Balancers.  Minimum to no impact is expected for end users.  However, due to the number of services supported by the F5 Load Balancers, this is a major change and an outage window is requested. The following services will be temporarily unavailable during this window:
- All Banner services
- UNM Learn
- All other UNM websites (DeptWeb and cPanel) and applications
- LoboCloud

Starting Monday, June 24th from 9AM to 2 PM, UNM IT will upgrade the Cascade Web Content Management System (WCMS). This will provide needed fixes, security and updates to maintain the system and keep in current support with the vendor. While the tool will be unavailable, web pages will continue to be served.

The interface will undergo a major overhaul and some features and functions may not be readily apparent. Support documents will be provided at http://webmaster.unm.edu/wcms/index.html. The UNM Webmasters from UCAM have updated training and support materials and have planned for the following weeks to respond to questions and support for departmental web publishers.

In the last several weeks, numerous customer NetIDs and passwords were compromised through successful phishing attacks. These attacks have become more sophisticated, and now include using UNM’s SharePoint online services to distribute malicious/ phishing content.  UNM IT is investigating and working to mitigate the attacks.

UNM IT has received isolated reports of issues launching Skype for Business on Windows based PCs (starting Monday, 5/20).

Technicians are aware of the problem and are gathering data/triaging.

The root cause appears to be a recent Office 2019 update. The build affected is 10344.2008. Rolling back to the previous version of Office 2019 addresses this issue.

Information on Office 2019 volume license updates can be found here:

https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019

Information on controlling the Office 2019 update process can be found here:

https://docs.microsoft.com/en-us/deployoffice/office2019/update

Specific guidance on controlling Office 2019 update behavior using Group Policy is forthcoming. Note that Office 2019 updates are not controlled with the same GPOs as WSUS.

If you are experiencing this issue, please submit a ticket via https://help.unm.edu or by calling 505-277-5757.

Thank you for your time and patience.

To promote a healthy support life cycle, several common Microsoft products will reach their end of life/end of support dates in a year or less (January 2020).

The affected products and corresponding dates are show below. The most prominent impacts are to Windows 7, Windows Server 2008 (and 2008 R2), and SQL Server 2008 (and 2008 R2).

If you are using any of these Microsoft products in your organization, please begin the process of upgrading to newer (supported) versions as soon as possible. Continuing to use these products once their end of life passes presents a security risk to the University and prevents students/faculty/staff from leveraging the latest improvements and enhancements.

Windows (desktop/laptop)

Office

Windows (server)

Enterprise Applications

For full details on Microsoft's products and their end of life dates, see https://support.microsoft.com/en-us/lifecycle/search.

The UNM IT Customer Support Service Desk and the UNM Information Security & Privacy Office (ISPO) have received many reports of fraudulent/phishing emails sent to UNM community members.

Extortion Emails

There does not appear to be any evidence of automatic downloads, malware, or other malicious software associated with the email samples provided.  Any credentials (usernames, passwords, etc.) associated with these emails appear to have been the result of high-profile data breaches of parties external to UNM.

For more information regarding extortion email schemes please reference the following PSA from the Federal Bureau of Investigation (FBI):

https://www.ic3.gov/media/2018/180807.aspx

Impersonation Emails

All email accounts associated with the impersonation attempts have been hosted by third-parties external to UNM.  As with the extortion emails referenced above, there does not appear to be any indication of compromised UNM accounts associated with these types phishing/spoofing campaigns.  Additionally, there is no evidence automatic downloads, malware, or other malicious software associated with the email samples provided.

For more information regarding extortion email schemes please reference the following PSA from the Federal Trade Commission (FTC):

https://www.consumer.gov/articles/imposter-scams

What you can do

UNM community members are encouraged to report suspicious activity to the University Information Security & Privacy Office at the address security@unm.edu.  Where possible, ISPO staff encourage users to submit samples ‘as an attachment’ so the full message headers can be analyzed.  For information on providing an email as an attachment please visit the following:

https://ispo.unm.edu/frequently-asked-questions.html

Spam:

These messages typically have one or more of the following attributes/characteristics:

• The messages are unsolicited and are sent from unfamiliar addresses
• Contain ‘[SPAM?? #%]’ in the subject line
• Contain advertising in the message body

What you should do:  Forward the Spam sample (as an attachment) to spamdrop@unm.edu

Phishing:

These messages typically have one or more of the following attributes/characteristics:

• The messages are unsolicited and are sent from unfamiliar addresses
• The message body encourages you to take any action such as responding to the original message or clicking a link, or contains otherwise suspicious text

What you should do:  Forward the Phishing sample (as an attachment) to security@unm.edu

To stay updated with the latest phishing attempts and major security alerts visit the ISPO’s Phish Bowl and Advisories page:

https://ispo.unm.edu/phish-bowl/index.html

https://ispo.unm.edu/advisories/index.html

For more information regarding phishing/spoofing email schemes please reference the following PSA from the Federal Bureau of Investigation (FBI):

https://www.ic3.gov/crimeschemes.aspx#item-14

If you feel you have been the victim of a crime please file a report with UNM PD or visit https://police.unm.edu.

To ensure continued security and support (and lay the groundwork for new features and functionality), UNM IT is replacing legacy domain controllers in Gallup Wednesday (7/3/2019) - Saturday (7/6/2019).

No outage or impact is expected, unless a device or application is pointing directly to a specific domain controller that is being demised.

Those include:

UNMGCH2CDC01

Once this activity is completed, the DC above will no longer service authentication requests - please check your applications, devices, etc. that authenticate against Active Directory to ensure these legacy DCs are not hardcoded into your configuration.

UNM Jobs/TMS will briefly be unavailable while Cornerstone applies software patches. The patch(es) will be applied during the maintenance window on Friday, June 28, sometime between 10:00 p.m. and midnight. The outage itself may only last 20 minutes.

Help.UNM will be Unavailable during the scheduled reboot of Cherwell Servers. The next reboot process will occur from 7:00 a.m. to 11:00 a.m. on Sunday, June 23, 2019.

The monthly reboots are scheduled for the 4th Sunday of the month.