If I get an email notice from UISO about vulnerable software, what should I do?

The Indiana University Information Security Office (UISO) sends email notifications to alert students, faculty, and staff of software risks identified by Secunia Personal Software Inspector (PSI) or the Secunia Corporate Software Inspector (CSI) Agent. For example, you might receive an email message with a subject line like the following:

 [IT-Incident #123456] UIPO Software Vulnerabilities Notice: bl-dept-machinename

The message will include the software name, the full path to the executable file, and details about the computer to help you ensure you're looking at the correct computer. Generally, you have two options: remove the application, or update it to a current version. Vendors will usually have released a newer version that isn't susceptible to the vulnerability; visit the vendor's website to obtain the most current version.

For more, see Personal & Corporate Software Inspector.

Using Secunia PSI to help

Often Secunia PSI can help you obtain the most current version of the software. You may have to run it in advanced mode to see all the software it detects. For each vulnerable application there is typically a Download Solution or Click to update button that will download the most current version from the vendor's website.

Backup files

Sometimes the "application" that UISO notifies you about will consist of backup files from an older installation of Windows. For instance, certain types of installations of Windows 8.x, Windows 7, or Vista may generate a folder named c:\Windows.old, containing files from your previous operating system. You may also have manually stored backup files from an older version of Windows. These files, while not generally executed by your newer Windows installation, can still put you at risk. If you no longer need to save them, it's a good idea to delete them; see Microsoft's How do I remove the Windows.old folder? (for Windows 7) and How can I remove Windows.old.000? (for Vista).

Modifying subscription options

If you would like to change the frequency with which UISO notifies you about your vulnerabilities, you can do one of the following:

This is document azir in the Knowledge Base.
Last modified on 2018-10-23 10:08:49.

Contact us

For help or to comment, email the UITS Support Center.