|SUMMARY:||Windows: Out-of-band Security Advisory for all Versions of Internet Explorer (2887505)|
|REPORTER:||Jocelyn E Kasamoto (jocelyn)|
|START TIME:||Sep 17 05:22 PM|
|END TIME:||Oct 17 05:23 PM|
Microsoft released an out-of-band security advisory (2887505) for a 0-day vulnerability in ALL versions of Internet Explorer (IE6, 7, 8, 9, 10, 11) that could allow remote code execution. They are aware of targeted attacks attempting to exploit this vulnerability in IE8 and IE9. Windows computers could get hacked when users visit a malicious website with a vulnerable version of IE.
Microsoft has released a workaround: Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," which prevents the exploitation of the vulnerability. The Fix it solution is only for 32-bit versions of IE. You must have security update 2870699 installed before applying this Fix it.
Note: ITS has not thoroughly tested the Fix it solution. Use at your own risk.
Recommendation: use an alternate browser, such as Firefox or Chrome, until Microsoft releases a security update for the vulnerability. Use IE only for the web applications that require IE.
If you have questions, please contact the ITS Help Desk at 956-8883 or email firstname.lastname@example.org.
For more information:
Microsoft Security Advisory (2887505) - Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft Fix It Solution for Security Advisory 2887505
Microsoft Fix it 51001 - enable
Microsoft Fix it 51002 - disable