Ask Us logo

Quick Links

Windows: Out-of-band Security Advisory for all Versions of Internet Explorer (2887505)

SUMMARY: Windows: Out-of-band Security Advisory for all Versions of Internet Explorer (2887505)
POSTED ON: 09/17/2013
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Sep 17 05:22 PM
END TIME: Oct 17 05:23 PM
DESCRIPTION: Microsoft released an out-of-band security advisory (2887505) for a 0-day vulnerability in ALL versions of Internet Explorer (IE6, 7, 8, 9, 10, 11) that could allow remote code execution. They are aware of targeted attacks attempting to exploit this vulnerability in IE8 and IE9. Windows computers could get hacked when users visit a malicious website with a vulnerable version of IE.

Microsoft has released a workaround: Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," which prevents the exploitation of the vulnerability. The Fix it solution is only for 32-bit versions of IE. You must have security update 2870699 installed before applying this Fix it.

Note: ITS has not thoroughly tested the Fix it solution. Use at your own risk.

Recommendation: use an alternate browser, such as Firefox or Chrome, until Microsoft releases a security update for the vulnerability. Use IE only for the web applications that require IE.

If you have questions, please contact the ITS Help Desk at 956-8883 or email help@hawaii.edu.

For more information:

Microsoft Security Advisory (2887505) - Vulnerability in Internet Explorer Could Allow Remote Code Execution
https://technet.microsoft.com/en-us/security/advisory/2887505

Microsoft Fix It Solution for Security Advisory 2887505
http://support.microsoft.com/kb/2887505

Microsoft Fix it 51001 - enable
Microsoft Fix it 51002 - disable