Microsoft released Security Advisory 2963983 regarding an issue that affects Microsoft Internet Explorer versions 6 through 11.
These versions of Internet Explorer have a flaw in how the browser accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code when a user accesses content in Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this flaw through Internet Explorer and then convince a user to view the website.
How will this affect you?
There is currently no patch available for this vulnerability and Microsoft has not, at the time of writing, provided a release date for one. If you are using Internet Explorer as your browser, your computer is at risk of being compromised by malware.
What do you need to do?
- Until a patch for Internet Explorer is released, we highly recommend using another browser for general web browsing of sites not managed by Cornell or NYP, such as Mozilla Firefox.
- If your computer is running Windows XP, your machine is at an even higher risk of becoming infected as Microsoft ended support for this operating system earlier this month. It is important to migrate to Windows 7 as soon as possible. Please contact the Service Desk if you have questions about upgrading to Windows 7.
- Review our 5 Tips to Avoid Internet Fraud to protect your data and report any suspicious emails and links to the Service Desk.