Information Security Advisory A recently disclosed Windows Shell vulnerability (CVE‑2026‑21510) allows bypass critical security features by exploiting improper validation in Windows Shell components. Severity level CVSS Score: 8.8/high Description: CVE‑2026‑21510 is a protection mechanism failure in Microsoft Windows Shell that enables an unauthorized attacker to bypass built‑in security features over a network. The […]
Information Security Advisory A recently discovered vulnerability in the Kubernetes ingress-nginx controller (CVE‑2026‑24512) allows attackers to execute arbitrary code by exploiting improper sanitization of user‑supplied ingress path data. Severity level CVSS Score: 8.8/high Description: Ingress‑NGINX is a widely used open‑source Kubernetes ingress controller responsible for managing inbound traffic to cluster services. A vulnerability […]
Service Advisory Please share the following with your teams. Service Maintenance: MyApps Scheduled Maintenance Window: Start: Thursday February 19, 2026 6:00 a.m. End: Thursday February 19, 2026 8:00 a.m. Impact/Details: UIT teams will upgrade to latest vendor release to improve service reliability. Service will continue to be online, however in degraded mode during the maintenance window. […]
Service Advisory Please share the following with your teams. Service Maintenance: Unified Print Management Scheduled Maintenance Window: Start: Thursday February 19, 2026 6:00 p.m. End: Thursday February 19, 2026 11:00 p.m Impact/Details: Print services in the Administrative offices, Faculty student labs and Libraries will not be available. UIT teams will upgrade service to latest vendor release […]
Service Advisory Please share the following with your teams. Scheduled Outage: YU Learn service (https://yulearn.yorku.ca) Scheduled Date/Time of Service Outage: Start: Wednesday February 18, 2026 7:00 a.m. End: Wednesday February 18, 2026 9:00 a.m. Details and Impact: UIT will be performing a server upgrade and applying minor bug fix updates. Users will not […]
Information Security Advisory A recently discovered Notepad++ vulnerability (CVE‑2025‑15556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification. Severity level CVSS Score: 7.7/high Description: Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically […]
Information Security Advisory A recently discovered Notepad++ vulnerability (CVE‑2025‑15556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification. Severity level CVSS Score: 7.7/high Description: Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically […]
Service Advisory Please share the following with your technical teams. Service Maintenance: Microsoft Endpoint Management (MEM) Scheduled Maintenance Window: Start: Monday February 9, 2026 10:00 a.m. End: Thursday February 12, 2026 4:00 p.m. Impact/Details: UIT teams are preparing to modernize management of university owned computers running Windows with MEM. UIT teams will remove all self-registered […]
Service Advisory Service Maintenance: Microsoft Endpoint Management (MEM) Scheduled Maintenance Window: Start: Tuesday February 3, 2026 12:00 p.m. End: Tuesday February 3, 2026 1:00 p.m. Impact/Details: · UIT teams are preparing to modernize management of university-owned computers running Windows with MEM. · UIT teams will disable self-registration of devices in MEM. Contact IT Client […]
Information Security Advisory A critical remote authentication bypass vulnerability (CVE-2026-24061) has been disclosed in the GNU InetUtils telnetd server, affecting versions 1.9.3 through 2.7. Severity level CVSS Score: 9.8/Critical. Description: CVE-2026-24061 is an argument injection / authentication-bypass vulnerability in the telnetd component of GNU InetUtils. During Telnet NEW-ENVIRON negotiation, telnetd passes the attacker-controlled […]