|SUMMARY:||Windows: IE 0-day vulnerability (CVE-2014-1776)|
|REPORTER:||Jocelyn E Kasamoto (jocelyn)|
|START TIME:||Apr 28 12:46 PM|
|END TIME:||May 28 12:46 PM|
Microsoft released Security Advisory 2963983 reporting a zero-day vulnerability in Internet Explorer (IE), versions IE6 through IE11, taking advantage of a vulnerability in Adobe Flash. An attacker could gain remote code access to the vulnerable system. The exploit is currently being seen in targeted attacks against versions IE9-IE11.
Microsoft has not released a patch or temporary "fix-it" to date and is working with security vendor FireEye.
Until a patch for IE is released, please use an alternate web browser (eg Firefox, Chrome). Update Flash Player for all your web browsers. Note: Adobe released security updates for Flash Player APSB14-13(see http://www.hawaii.edu/technews/notice.php?id=270207)
For more information
If you have questions or need assistance, please contact the ITS Help Desk at 956-8883, email firstname.lastname@example.org or call (800) 558-2669 toll free from the neighbor islands.
|UPDATE:||05/01/2014 01:19 PM: May 1, 2014 - Microsoft released security update KB2964358 (MS14-021) -- even for WinXP! Run Windows Update as soon as possible. See also http://www.hawaii.edu/technews/notice.php?id=270625|