Notices

NSC-040614: Cross-Domain Redirect Vulnerability in Internet Explorer

An advisory has recently been released by the US Computer Emergency Response Team (CERT) and others concerning a significant security vulnerability in Internet Explorer (IE), the Microsoft web browser. Other Microsoft programs that render HTML (web pages), such as Outlook and Outlook Express, may also be at risk.

Currently there is no fix for this problem, and some sites have reported active exploits. If a user clicks on a link that executes an exploit program, these exploits allow an attacker to gain control over the workstation, which permits executing malicious programs, altering information, and/or stealing information from the computer. A detailed (technical) description of the problem can be found at http://www.kb.cert.org/vuls/id/713878

Consider advising users in your area of the following important precautions:

1. Do NOT click on *any* links sent to you in unsolicited (untrusted) spam e-mail, in instant messages, on web forums, or in Internet Relay Chat (IRC) channels. Also, do not open attachments unless they are expected.

2. As a regular practice, be sure to run the most current versions of Microsoft programs, and install all security updates as they become available.

3. Make certain that anti-virus software is kept current and that the virus detection signatures are updated DAILY.

If you need help with any of these protection measures, contact your local IT support or the ITS Help Desk at 384-HELP (4357).

Microsoft has prepared a web page, "Increase Your Browsing and E-Mail Safety," with four recommendations for the highest level of security. Users who believe they are at high risk are encouraged to follow these recommendations or consult with local IT support about possible alternatives.

Copyright © 2005 The University of Iowa. All rights reserved.