What is S&T’s response to CVE-2023-5129/CVE-2023-4863 (WebP)?

The S&T IT Department is aware of a concerning cybersecurity threat that can easily target and exploit a significant number of the software applications and web browsers used on campus.

The threat has been identified and given a Common Vulnerabilities and Exposures (CVE) ID, CVE-2023-5129 (now updated to CVE-2023-4863), which marks it as a critical issue with a maximum 10/10 severity rating, given how easily it can be exploited.

S&T IT is taking this threat seriously and is working to patch and update the most widely used web browsers and software on campus first. As IT monitors this situation, the web browsers and software listed at https://medium.com/@penquestr/libwebp-the-new-log4j-3e932b35bdcb may have limited access or be blocked at the firewall to prevent increased threat to campus.

To assist with protecting campus, please take this threat seriously and update your personal computers and devices. IT also recommends you exercise extreme caution when browsing the internet or opening emails.

Please visit this page again as updates to address the vulnerability at S&T will be posted below. You may also visit the S&T IT Status Page for a quick visual reference of the status of this threat.

-----UPDATES-----

08:30am 09/28/2023 – Updates/Patch to Chrome and Firefox pushed to campus managed computers.
10:00am 09/28/2023 – Updates/Patch to Microsoft Office and Microsoft Edge pushed to campus managed computers (will require a reboot)
10:00am 09/28/2023 – Updates to communications that CVE-2023-5129 has been updated to CVE-2023-4863
01:30pm 09/28/2023 – Chrome updates: 2921 computers completed; 25 computers in-progress; 1209 computers unknown (off network, powered off, inactive)
01:30pm 09/28/2023 – Firefox updates: 2967 computers completed; 35 computers in-progress; 1211 computers unknown (off network, powered off, inactive)
02:30pm 09/28/2023 – Windows updates, Microsoft Edge, Microsoft Office: 2489 computers completed
04:00pm 10/02/2023 – Firefox updates: 3440 computers completed
04:00pm 10/02/2023 – Chrome updates: 3444 computers completed
04:00pm 10/02/2023 – Windows updates, Microsoft Edge, Microsoft Office: 3073 computers completed
02:00pm 11/01/2023 – Firefox updates: 3797 computers completed (89.8%)
02:00pm 11/01/2023 – Chrome updates: 3803 computers completed (89.9%)
02:00pm 11/01/2023 – Windows updates, Microsoft Edge, Microsoft Office: 3708 computers completed (86.1%)
05:00pm 11/01/2023 – IT Status Page (https://status.mst.edu) incident marked as resolved; IT will continue to monitor