Windows: IE 0-day vulnerability (CVE-2014-1776)

SUMMARY: Windows: IE 0-day vulnerability (CVE-2014-1776)
POSTED ON: 04/28/2014
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Apr 28 12:46 PM
END TIME: May 28 12:46 PM
DESCRIPTION: Microsoft released Security Advisory 2963983 reporting a zero-day vulnerability in Internet Explorer (IE), versions IE6 through IE11, taking advantage of a vulnerability in Adobe Flash. An attacker could gain remote code access to the vulnerable system. The exploit is currently being seen in targeted attacks against versions IE9-IE11.

Microsoft has not released a patch or temporary "fix-it" to date and is working with security vendor FireEye.

Until a patch for IE is released, please use an alternate web browser (eg Firefox, Chrome). Update Flash Player for all your web browsers. Note: Adobe released security updates for Flash Player APSB14-13(see

For more information

If you have questions or need assistance, please contact the ITS Help Desk at 956-8883, email or call (800) 558-2669 toll free from the neighbor islands.
UPDATE:05/01/2014 01:19 PM: May 1, 2014 - Microsoft released security update KB2964358 (MS14-021) -- even for WinXP! Run Windows Update as soon as possible. See also