Skip to Navigation | Skip to Content

New Internet Explorer bug *UPDATED 5-1*

« Important New Web (OpenSSL) Vulnerability | Main | Connect-Direct: May 2014 »

Microsoft released a Security Advisory yesterday affecting Internet Explorer up to and including the most recent version, Internet Explorer 11.

The US Computer Emergency Readiness Team (US-CERT) has made the following recommendation regarding this vulnerability:

"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."

As such we recommend, as an alternative to Internet Explorer, that you consider using Google Chrome, Mozilla Firefox, or Safari when visiting websites. If you must use an NYU application that only supports Internet Explorer you should feel free to do so. For browsing sites outside of NYU, however, the use of Chrome, Firefox, or Safari is recommended instead.

For more information please see:

*http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

* https://technet.microsoft.com/en-US/library/security/2963983

* http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

As always, please contact security@nyu.edu with any questions.


UPDATE: Microsoft has issued a security patch for this vulnerability, and it is available via Windows Update. There is more information about the patch at https://technet.microsoft.com/library/security/ms14-021