Click for a hub of Extension resources related to the current COVID-19 situation.
COVID-19 Resources
Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Zero day exploit for Internet Explorer versions 9 and 10

by

On Friday, February 14, a zero day exploit was identified for Internet Explorer versions 9 and 10 which run on Windows Vista and Windows 7 respectively.  Malicious content was identified on a Veteran of Foreign Wars website.  The malicious code has been subsequently removed but other examples of the code are expected.  The vulnerability is not exploitable on other versions of Internet Explorer.

Until a patch is available, the AgriLife IT ISO recommendation is to limit use of Internet Explorer to AgriLife or Texas A&M University websites. If access to non-AgriLife or University websites is needed, another web browser (such as Firefox) should be used.  If possible, a script blocking plug-in (such as noscript.net) should be included with Firefox.

However, even the use of web browsers other than Internet Explorer does not ensure complete protection. The main reason for this is flash code can still be rendered in various Office applications such as Word or Excell.

Update Feb 19 2:40 pm.

As of Feb 20, Microsoft has provided a fix it utility. It is available at – http://support.microsoft.com/kb/2934088

Update Feb 20 1:00 pm.

The Flash code for all systems starting with Windows 8 systems running Internet Explorer 10 is maintained by Microsoft.  On Thursday, Feb 20 Microsoft issued a patch for Internet Explorer Version 10 and 11 on Windows 8 and Windows 8.1.  The updated files are available for download at https://support.microsoft.com/kb/2934802

Adobe still maintains the flash code for systems running Windows 7 and older. They have also issued an update as of Feb 20. It is available at the flash player download center – http://get.adobe.com/flashplayer/

If you have not done so already, users of Windows 7 or Windows 8 should update to Internet Explorer 11. It is available for download at http://windows.microsoft.com/en-us/internet-explorer/ie-11-worldwide-languages 

 

Zero day exploit identified for all current versions of Internet Explorer – IE6-9

by

On Monday, September 17, a zero day exploit was identified for all current versions of Internet Explorer.  Suggestions by many of the security resources were that IE should not be used for accessing the Internet until the vulnerability was addressed.  See the following resources for information:

Update September 20

On Wednesday, September 19,  Microsoft released a fix it solution to address the vulnerability – it can be accessed at the following URL –

Update 2 – September 21

Microsoft is scheduled to release an out of band patch for the Internet Explorer vulnerability at about noon central time on Friday, September 21.

http://technet.microsoft.com/en-us/security/bulletin/ms12-sep

 

Information on other Microsoft patches released during the week of September 19

Microsoft also released KB 2735855 during the evening of 9/19. That update was identified as IMPORTANT and is unrelated to the IE vulnerability.

http://support.microsoft.com/kb/2735855

Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2