April 30, 2014
Avoid Internet Explorer until vulnerability fixed
On April 26, Microsoft notified customers of a vulnerability in Internet Explorer that affects browser versions 6 through 11. This vulnerability has the potential to allow attackers to run malicious code on vulnerable machines when users visit compromised or malicious websites. The Department of Homeland Security confirms that they are aware of active exploitation of this vulnerability in the wild.
Although browser vulnerabilities are common, they are normally patched quickly – often before announcement of the vulnerability is made public. In the case at hand, Microsoft has not made a fix available or made known when a fix would be forthcoming. As such, we advise users to choose an alternative browser until the Internet Explorer vulnerability can be patched.
For more information see:
- https://technet.microsoft.com/en-US/library/security/2963983
- http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being
Robert Vaile
Chief Information Security Officer