This Saturday, Microsoft released Security Advisory 2963983, which briefly describes a new zero-day vulnerability in Internet Explorer that, if exploited, may allow an attacker to execute arbitrary instructions on your computer… In other words, take control over your computer.
Why should I worry?
Two reasons: First, Internet Explorer has been a default part of the Windows desktop and server systems since Windows 95, so its use is ubiquitous. Second, although many vulnerabilities are discovered without being actually exploited (used by hackers), there have been reports that this vulnerability has already been exploited in the real world; ie., people are already being hacked with it.
Is there a fix?
Not right now. Microsoft’s usual monthly update is due on May 13th and will likely include a fix, but due to the severity of this issue they may release an out-of-band (immediate) fix. If such a fix is released we will automatically deploy it to all of our campus desktops, and you should also deploy it to your home PCs as well.
Is there a work-around?
Microsoft has stated that this vulnerability exists under only specific conditions (namely the usage of Adobe Flash in Internet Explorer) and has offered a few recommendations to protect IE from this vulnerability, but we feel that these steps are more tedious than worthwhile and would likely require further action when the issue is remedied.
Therefore, ITS is recommending that you stop using Internet Explorer until further notice.
If I can’t use IE, then what should I use?
There are several alternative web browsers for Windows. The two most popular are Mozilla Firefox (Click here to download), or Google Chrome (Click here to download). Which you choose is personal preference, although Firefox SEEMS to work better with Office365 (webmail).
I have an important application that only works with Internet Explorer… What should I do?
Please contact the ITS department at (502) 863-4357 and we will work with you to secure Internet Explorer or investigate alternative solutions.