On Friday, February 14, a zero day exploit was identified for Internet Explorer versions 9 and 10 which run on Windows Vista and Windows 7 respectively. Malicious content was identified on a Veteran of Foreign Wars website. The malicious code has been subsequently removed but other examples of the code are expected. The vulnerability is not exploitable on other versions of Internet Explorer.
Until a patch is available, the AgriLife IT ISO recommendation is to limit use of Internet Explorer to AgriLife or Texas A&M University websites. If access to non-AgriLife or University websites is needed, another web browser (such as Firefox) should be used. If possible, a script blocking plug-in (such as noscript.net) should be included with Firefox.
However, even the use of web browsers other than Internet Explorer does not ensure complete protection. The main reason for this is flash code can still be rendered in various Office applications such as Word or Excell.
Update Feb 19 2:40 pm.
As of Feb 20, Microsoft has provided a fix it utility. It is available at – http://support.microsoft.com/kb/2934088
Update Feb 20 1:00 pm.
The Flash code for all systems starting with Windows 8 systems running Internet Explorer 10 is maintained by Microsoft. On Thursday, Feb 20 Microsoft issued a patch for Internet Explorer Version 10 and 11 on Windows 8 and Windows 8.1. The updated files are available for download at https://support.microsoft.com/kb/2934802
Adobe still maintains the flash code for systems running Windows 7 and older. They have also issued an update as of Feb 20. It is available at the flash player download center – http://get.adobe.com/flashplayer/
If you have not done so already, users of Windows 7 or Windows 8 should update to Internet Explorer 11. It is available for download at http://windows.microsoft.com/en-us/internet-explorer/ie-11-worldwide-languages