[Plantsci] UPDATE: Don't use internet explorer web browser
Marquez, Mario A - (marquezm)
marquezm at email.arizona.edu
Thu May 1 16:17:50 MST 2014
There is a new update for windows computers that fixes the bug on internet explorer, if your computer is set to receive updates
Automatically it should get it tonight if not you can run windows update and do it manually
Mario A. Marquez
Systems Administrator Principal
University of Arizona
College of Agriculture and Life Sciences
School of Plant Sciences
marquezm at email.arizona.edu
Office 520-621-1257
Cell 520-429-2902
[UAriz-CALS-logo-247]
From: Plantsci [mailto:plantsci-bounces at cals.arizona.edu] On Behalf Of Marquez, Mario A - (marquezm)
Sent: Monday, April 28, 2014 1:07 PM
To: plantsci at ag.arizona.edu
Subject: [Plantsci] Don't use internet explorer web browser
Importance: High
A security update should be coming soon in the meantime be careful
Homeland Security: Don't use IE due to bug
Elizabeth Weise, USATODAY<http://www.usatoday.com/staff/793/elizabeth-weise>3:12 p.m. EDT April 28, 2014
[Windows IE]
(Photo: Microsoft)
SHARE 2126CONNECT 396TWEET<https://twitter.com/intent/tweet?url=http://usat.ly/1mRATge&text=Homeland%20Security:%20Don%27t%20use%20IE%20due%20to%20bug&via=usatoday> 14COMMENTEMAILMORE
SAN FRANCISCO – The U.S. Department of Homeland security is advising<http://www.kb.cert.org/vuls/id/222929> Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.
The bug was announced<http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html> on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.
"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post Monday morning.
It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."
The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.
Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.
"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."
While the bug affects all versions of Internet Explorer six through 10 it is currently targeting IE9 and IE10, FireEye stated.
The attacks do not appear to be widespread at this time. Microsoft said it was "aware of limited, targeted attacks that attempt to exploit" the vulnerability.
These are called "watering hole attacks," said Satnam Narang, a threat researcher with computer security company Symantec in Mountain View, Calif..
Rather than directly reach out to a victim, the hackers inject their code into a "normal, everyday website" that the victim visits, he said. Code hidden on the site then infects their computers.
"It's called a watering hole attack because if you're a lion, you go to the watering hole because you know that's where the animals go to drink."
FireEye said the hackers exploiting the bug are calling their campaign "Operation Clandestine Fox."
Microsoft<https://technet.microsoft.com/library/security/2963983> confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.
Microsoft typically releases security patches on the first Tuesday of each month, what's known as Patch Tuesday. The next oneis Tuesday, May 6. Whether the company will release a patch for this vulnerability before that isn't known.
About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare. About 25% run either IE9 or IE10.
Computer users who are running the Windows XP operating system are out of luck. Microsoft discontinued support of the system on April 8.
Symantec is offering XP users tools to protect themselves, which it has made available on its blog<http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.cals.arizona.edu/pipermail/plantsci/attachments/20140501/a498c8d4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 4528 bytes
Desc: image001.gif
URL: <https://list.cals.arizona.edu/pipermail/plantsci/attachments/20140501/a498c8d4/attachment.gif>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00002.txt
URL: <https://list.cals.arizona.edu/pipermail/plantsci/attachments/20140501/a498c8d4/attachment.txt>
More information about the Plantsci
mailing list