ARCHIVED: If you get a notice from UISO about vulnerable software

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

On this page:

Overview

The Indiana University Information Security Office (UISO) sends email notifications to alert students, faculty, and staff of software risks identified by Secunia Personal Software Inspector (PSI) or the Secunia Corporate Software Inspector (CSI) Agent. For example, you might receive an email message with a subject line like the following:

 [IT-Incident #123456] UIPO Software Vulnerabilities Notice: bl-dept-machinename

The message will include the software name, the full path to the executable file, and details about the computer to help you ensure you're looking at the correct computer. Generally, you have two options: remove the application, or update it to a current version. Vendors will usually have released a newer version that isn't susceptible to the vulnerability; visit the vendor's website to obtain the most current version.

For more, see Personal & Corporate Software Inspector.

Use Secunia PSI

Often Secunia PSI can help you obtain the most current version of the software. You may have to run it in advanced mode to see all the software it detects. For each vulnerable application there is typically a Download Solution or Click to update button that will download the most current version from the vendor's website.

Backup files

Sometimes the "application" that UISO notifies you about will consist of backup files from an older installation of Windows. For instance, certain types of installations of Windows 8.x and older versions may generate a folder named c:\Windows.old, containing files from your previous operating system. You may also have manually stored backup files from an older version of Windows. These files, while not generally executed by your newer Windows installation, can still put you at risk. If you no longer need to save them, it's a good idea to delete them.

Modify subscription options

You can choose the frequency with which UISO notifies you about your vulnerabilities at Login Activity & Subscription Options.

Related documents

Check for, update, and remove old versions of Java in Windows

This is document azir in the Knowledge Base.
Last modified on 2019-09-24 14:22:57.