Confirmed exploits in the wild have been reported for a vulnerability in Internet Explorer 8. There is currently no patch available. The vulnerability can be exploited by a simple drive-by attack which will allow adversaries to install malware on your computer without any user action necessary. This means you could be infected simply by visiting a legitimate website that has been compromised and hosting the malicious code. The vulnerability was already leveraged in a targeted attack on the U.S. Department of Labor.
1. We recommend that all users stop using the Internet Explorer 8 web browser immediately.
2. On Thursday, May 9, Microsoft released a workaround that acts as a temporary fix until a patch is released. The fix is available at https://support.microsoft.com/kb/2847140 .
Continue reading “K-Staters advised to stop using Internet Explorer 8 browser immediately”
Instances of Internet Explorer 6 (IE6) and IE7 will be upgraded to IE8 on April 1. For campus computers who use K-State’s central Windows Server Update Services (WSUS), this update will be pushed out automatically. System administrators managing their own WSUS environment or using some other way to manage application updates on Windows computers are urged to do the same.
IE8 provides enhanced security that makes it a safer browser to use in addition to other features. Note: IE8 will look different from IE6 and IE7 and take some getting used to. Continue reading “Reminder: Internet Explorer 8 update to occur April 1”
Before people escape to their spring break destinations, be aware that Internet Explorer version 6 (IE6) and version 7 (IE7) will be upgraded to version 8 (IE8) at K-State on April 1 for security and application compatibility reasons. Since the original announcement, no one has raised any issues against the upgrade — on the contrary, many have applauded the move. Thus, we plan to proceed with the upgrade as originally planned.
This update will be applied to university computers that use the central WSUS server. System administrators who manage their own WSUS servers are encouraged to apply the update as well. Computers that do not have Microsoft patches managed by any WSUS server should manually update to IE8 if they have not already. If you are unsure what category you fit into, contact your IT support person or the IT Help Desk.
Continue reading “Reminder: IE6/IE7 upgrade to IE8 on April 1”
Internet Explorer, the most widely used web browser in the world, has often been in the news of late because of its involvement in the recent, well-publicized hack of Google and other corporations, allegedly by the Chinese government. Since a vulnerability in Internet Explorer 6 (IE6) is alleged to be one of the ways the hackers got into Google’s network, Google has joined the chorus of companies planning to phase out support for IE6 and are urging users to upgrade to Internet Explorer 8 (IE8). That chorus includes Facebook, YouTube, Digg, some European governments, and even Microsoft itself. There was even an “IE6 Must Die” petition on Twitter.
Now K-State is joining the chorus too. SIRT is proposing that on April 1, remaining instances of IE6 on campus be upgraded to IE8. For campus computers that use K-State’s central WSUS server, this update will be pushed automatically. System administrators managing their own WSUS environment or using some other way to manage application updates on Windows computers are urged to do the same.
If you have concerns about this update being pushed to campus computers on April 1, please discuss it with your SIRT representative or Harvard Townsend, K-State’s chief information security officer and chair of SIRT.
Continue reading “Internet Explorer 6 (IE6) to be updated to IE8 on April 1”
On March 19, Microsoft released Internet Explorer 8 (IE8), its next-generation web browser. While it has several useful security features, people should talk to their IT support staff before switching to IE8 since it has not been thoroughly tested with K-State enterprise applications like iSIS and K-State Online.
Recalling the application incompatibilities experienced when IE7 replaced IE6; proceed cautiously with plans to upgrade to IE8. Microsoft did try to deal with the IE6-to-IE7 fiasco this time by including a “Compatibility View” in IE8 that should correctly display pages incompatible with IE8, but again this needs to be tested thoroughly.
Continue reading “Use caution when considering Internet Explorer 8”