Microsoft Internet Explorer Vulnerability Alert

April 29, 2014 2:50 PM

On April 26th, 2014, Microsoft announced that they discovered a vulnerability in Internet Explorer (IE). The vulnerability exists in IE 6, 7, 8, 9, 10, and 11. Exploitation of this vulnerability is reportedly being used in limited, targeted attacks. Currently, there is no patch available and Microsoft did not provide a release date.

Those running IE are at risk.

Apple workstations and laptops do not run Internet Explorer and are therefore not vulnerable.

What can be done to protect yourself?

It is recommended that you do not use IE until a patch/update is provided, unless you need it for Banner access.

If you must use IE, please make sure your anti-virus software is up-to-date and apply the updates from Microsoft as soon as they become available. Do not follow links or open email attachments provided by unknown or untrusted sources.

What is the University doing about this?

Unfortunately, many University applications, including Banner, require Internet Explorer. However, the IT Security Office is working with Desktop Support to install a Microsoft solution that can fix this vulnerability and in general provide better security for Internet Explorer.

We are currently testing a solution called “Enhanced Mitigation Experience Toolkit” or “EMET” for short.

Upon completion of successful testing, it will be installed on all Microsoft Windows computers participating in MESA.

Additional Information
 

• Symantec – Emerging Threat: Microsoft Internet Explorer Zero-Day Remote Code Execution Vulnerability
  http://www.symantec.com/connect/blogs/emerging-threat-microsoft-internet-explorer-zero-day-cve-2014-1776-remote-code-execution-vulne
• New Internet Explorer CVE-2014-1776 Zero Day Used in Targeted Attacks
  http://threatpost.com/new-internet-explorer-cve-2014-1776-zero-day-used-in-targeted-attacks/105720
• New Zero-Day Vulnerability CVE-2014-1776 Affects all Versions of Internet Explorer Browsers
  http://thehackernews.com/2014/04/new-zero-day-vulnerability-cve-2014.html
• National Vulnerability Database
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1776
• CNET
  http://www.cnet.com/news/new-zero-day-vulnerability-identified-in-all-versions-of-ie/
• FireEye
  http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
• TechNet
  https://technet.microsoft.com/en-US/library/security/2963983

If you have any questions, please contact the Support Center at 703-993-8870 or via email at support@gmu.edu.