Skip to Navigation | Skip to Content

No Patch Yet for Internet Explorer Attack

« New ITS Website | Main | Secure Your PDA Before Disposing of It »

Following Microsoft's monthly "Tuesday Patch Day", whereby Microsoft provided multiple critical Windows & Office updates, a new vulnerability began circulating the Internet. This new attack specifically targets Internet Explorer and can result in a computer being compromised by an attacker.

Once an individual visits a specially crafted website, the attack can either force IE to crash or the attacker can use the vulnerability to launch arbitrary commands and compromise the victim computer.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. Beyond suggesting that users avoid "bad websites", users are also being told to disable "ActiveX scripting" in IE or secure it to your trusted security zones as a precaution.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.