On Saturday, April 26 2014, Microsoft released a security advisory warning about a newly discovered vulnerability in ALL supported versions of Internet Explorer (IE 6 – IE 11) that could allow attackers to execute code on a victim’s computer.
Simply by visiting an affected website, the vulnerability can be exploited to install malware or other malicious software. Although the Microsoft advisory says that there have been only “limited targeted attacks” at this point,
it is prudent to be concerned, as more widespread attacks could follow. For detailed information regarding the security advisory warning, visit Microsoft Security Advisory.
Microsoft has not yet released a patch for this security flaw.
For those who MUST run web applications that require IE, refer to the steps below to mitigate risk of compromise. You may choose to use either option 1 or option 2.
1. Run Internet Explorer in Enhanced Protected Mode. To do this, perform the following steps:
- In Internet Explorer, click Tools, click Internet Options, and then click the Advanced tab.
- In the Security (scroll down to locate) check Enhanced Protected Mode
- Click Apply
NOTE: The setting does not take effect until the machine is rebooted.
2. Disable Shockwave Flash Plugin. To do this, perform the following steps:
- In Internet Explorer, click Tools select Manage add-ons
- Right click on Shockwave Flash Object and then click Disable
If you require assistance, please contact the Help Desk at extension 2829 or firstname.lastname@example.org