Update: Security vulnerability in Internet Explorer could allow remote code execution


Update: May 5, 2014
Last week Microsoft released a Windows update to address the security vulnerability in Internet Explorer.  This update was remotely deployed to McGill's centrally-supported computers on Friday, May 2 via the Campus Windows Server Update System (WSUS). Note that Microsoft made the decision to also offer the update for Windows XP. You may be prompted to restart your computer.

Please be sure to run Windows Update on all computers that are not configured to automatically install updates from the WSUS, including your home computers.

Original Announcement - April 28, 2014
In response to a newly announced vulnerability in Microsoft's Internet Explorer (IE) browser, there is need for heightened security awareness when accessing the web.

The vulnerability affects ALL versions of Internet Explorer. Microsoft is working on a fix for the vulnerability. Attackers have been using this vulnerability to execute code on vulnerable systems simply by convincing users to browse to a malicious website.

We recommend using an alternate browser (Chrome, Firefox, Safari, etc.) until a patch for IE has been released. If you still use Windows XP on a personal computer, keep in mind that no patch will be made available for Windows XP since Microsoft ended support for the operating system on April 8, 2014. 

As always, avoid clicking on any unfamiliar links in your email or sent through instant message. Hover over links and try to ensure the links are navigating you to your intended destination. If you are unsure how to identify malicious websites, we encourage you to take the IT Security Awareness online course.

Note that if you use Internet Explorer to access internal McGill systems, such as Banner, Minerva, etc. this will not pose a risk.

For more technical information, see Microsoft's Security Advisory.