New Vulnerability in ALL Versions of Internet Explorer

MSFT_logo_Page

Overview

Microsoft and US-Cert have released an alert about a vulnerability in all versions of Internet Explorer (IE 6 – IE 11) that could allow an attacker to install and run code on a computer. The most likely way a computer would be affected is through a website drive-by-download. A drive-by-download is where a user visits a malware infected website and malicious code on the website exploits the vulnerability in the users web browser to infect the computer with malware.

As of now researchers have only seen active campaigns on the Internet targeting IE 9 through IE 11 though earlier versions of IE may become targets in the future.

When Microsoft releases a patch to close this vulnerability only users running Windows 7 and above will be fixed. Windows XP users will never have this vulnerability fixed, forever leaving Windows XP users insecure from a known serious vulnerability in Internet Explorer.

For the user

Windows 7 and above users should use Internet Explorer only if it is necessary for business activities, e.g. NU SharePoint, or Banner. For all other websites it is recommended to use a browser other than Internet Explorer until a patch is released.

Windows XP users, Microsoft no longer releases updates or patches for Windows XP; there will never be a patch for this vulnerability. It is strongly recommended to upgrade to Windows 7 or 8.1.

Contact the Service Desk at 617-373-4357 or help@neu.edu for assistance with alternate browsers or upgrading to Windows 7.

More Information

ThreatPost: NEW INTERNET EXPLORER CVE-2014-1776 ZERO DAY USED IN TARGETED ATTACKS

KrebsonSecurity: Microsoft Warns of Attacks on IE Zero-Day

Sophos: Microsoft acknowledges “in the wild” Internet Explorer zero-day

The Verge: Security flaw puts all Internet Explorer users at risk, exposes Windows XP

This entry was posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing. Bookmark the permalink. Both comments and trackbacks are currently closed.