Reaching Others University at Buffalo - The State University of New York
Skip to Content

UBIT SECURITY ALERT, 5/1/2014

Internet Explorer Vulnerability 5-1-2014

IT Security Alert

Microsoft has confirmed a security vulnerability affecting all versions of Internet Explorer. UBIT recommends you stop using Internet Explorer, and use Firefox, Safari or other unaffected browser.

May 1, 2014

UBIT has received the following advance notice from Microsoft:

At approximately 10 a.m. PDT (1 p.m. EDT), Microsoft will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in this Microsoft Security Advisory. This update is fully tested and ready for release for all affected versions of the browser.

The majority of customers have automatic updates enabled and will not need to take any action as protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible following the directions in the released security bulletin.

Windows XP

Microsoft has made the decision to issue a security update for Windows XP users.

Windows XP is no longer supported by Microsoft, so customers are encouraged to migrate to a modern operating system, such as Windows 7 or 8/8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.

Microsoft Security Bulletin Advance Notification

  • Bulletin ID: Bulletin 1
  • Maximum Severity Rating: Critical
  • Vulnerability Impact: Remote Code Execution
  • Restart Requirement: Requires a restart
  • Affected Software: Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on all supported versions of Windows

The list of affected software in the summary table is an abstract. To see the full list of affected components, please visit the Advance Notification webpage at the link below and review the "Affected Software" section.

The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here.

Bulletin Release (Out-of Band) Webcast

Microsoft will host a webcast to address customer questions on the out-of-band security bulletin on May 2, 2014 at 11:00 a.m. Pacific Time (US & Canada) (2 p.m. EST). Register now for the May Security Bulletin Webcast.

Additional Resources

April 29, 2014

Microsoft has confirmed a major bug which allows hackers to exploit flaws in Internet Explorer 6 through 11.

What Does the Vulnerability Do?

A hacker who successfully exploits this vulnerability could take complete control of an affected system. Hackers could then install programs, view, change, or delete data, or create new accounts with full user rights.

Is There a Fix?

Microsoft is still working on a fix for supported operating systems. In the meantime, you should either not use Internet Explorer or disable Adobe Flash.

Since Microsoft no longer supports Windows XP, a fix will only be available for newer operating systems. If your computer is running Windows XP, you should either upgrade to Windows 7 or 8, or purchase a new computer.

DATE ACTIVE:

4/29/14

THREAT LEVEL:

High

TYPE:

Vulnerability exploit

Did This Page Answer Your Question?

(Required)
 
Email, UBITName or phone number
(Required)
Enter the letters or numbers you see below in the space provided. Click "Get a new challenge" if they are not readable.