Windows: IE 0-day vulnerability (CVE-2014-1776)

SUMMARY: Windows: IE 0-day vulnerability (CVE-2014-1776)
POSTED ON: 04/28/2014
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Apr 28 12:46 PM
END TIME: May 28 12:46 PM
DESCRIPTION: Microsoft released Security Advisory 2963983 reporting a zero-day vulnerability in Internet Explorer (IE), versions IE6 through IE11, taking advantage of a vulnerability in Adobe Flash. An attacker could gain remote code execution on the vulnerable system. The exploit is currently being seen in targeted attacks against versions IE9-IE11.

Microsoft has not released a patch or temporary "fix-it" to date and is working with security vendor FireEye.

Until a patch for IE is released, please use an alternate web browser (e.g., Firefox, Chrome). Update Flash Player for all your web browsers. Note: Adobe released security updates for Flash Player, APSB14-13 (see http://www.hawaii.edu/technews/notice.php?id=270207).


For more information:

https://technet.microsoft.com/en-US/library/security/2963983

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

https://isc.sans.edu/forums/diary/IE+Zero+Day+Advisory+from+Microsoft/18035

http://helpx.adobe.com/security/products/flash-player/apsb14-13.html

If you have questions or need assistance, please contact the ITS Help Desk at 956-8883, email help@hawaii.edu or call (800) 558-2669 toll free from the neighbor islands.
UPDATE: 05/01/2014 01:19 PM: May 1, 2014 - Microsoft released security update KB2964358 (MS14-021) -- even for WinXP! Run Windows Update as soon as possible. See also http://www.hawaii.edu/technews/notice.php?id=270625