[IS&T Security-FYI] SECURITY ADVISORY: Zero-Day Vulnerability in Internet Explorer Disclosed by Microsoft

Monique Yeaton myeaton at MIT.EDU
Thu Sep 20 09:39:08 EDT 2012 

Information Services & Technology (IS&T) would like to make the MIT community aware of a security advisory being published by Microsoft concerning the Internet Explorer web-browser.

What

Microsoft has announced the discovery of a zero-day exploit found Internet Explorer.  The exploit allows an attacker to compromise affected machines when specially crafted web-content is viewed with Internet Explorer.  Microsoft is actively working on a patch for Internet Explorer; all major antivirus and anti-malware programs are currently unable to prevent or detect this exploit.

What is a zero-day vulnerability?

A zero-day vulnerability is a previously unknown exploit in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability.  This means that the developers have had zero days to address and patch the vulnerability. [Source: Wikipedia]

Who Is Affected

Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 systems with Internet Explorer versions 6, 7, 8, or 9 installed.  Those using Microsoft Outlook, Outlook Express and Windows Mail are also at risk.

Mitigation Instructions

Alternative browsers, including Mozilla Firefox and Google Chrome, are unaffected by this exploit -- these browsers can be used as an Internet Explorer alternative until a patch has been released by Microsoft.

Internet Explorer, Microsoft Outlook, Outlook Express and Windows Mail users should be extra vigilant when opening links received via email.

More Information

More information about this specific zero-day exploit can be found on Microsoft’s Security Advisory site:

http://technet.microsoft.com/en-us/security/advisory/2757760

and here:

http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/

Next steps

Another notice will be sent when Microsoft has addressed this zero-day vulnerability or more information becomes available.


Thanks,

Monique

=========================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20120920/c6d907de/attachment.htm

More information about the ist-security-fyi mailing list