Microsoft has released a security advisory concerning a flaw in Internet Explorer (IE), a web browser for Windows operating systems. This flaw could allow an attacker to execute code if a user visits a specially crafted website designed to exploit this vulnerability. The attacker could also take advantage of compromised websites that accept or host user-provided content or advertisements.

The vulnerability can exploit IE versions 6-11. Microsoft is currently looking into the problem and will take appropriate action, most likely a patch contained in their monthly security updates. (Note: Microsoft is no longer issuing patches for Windows XP.)

Recommendations

Medical Center physicians, faculty, and staff should contact their local IT administrator for further guidance. University IT recommends that non-Medical Center faculty, staff, and students take the following precautions on Windows devices:

• Limit your use of the Windows IE browser to websites hosted by the University or websites used for official University business. Where possible, use Chrome or Firefox as an alternative browser until Microsoft releases an official patch.
• Ensure your computer is running up-to-date antivirus software. The University provides Sophos Antivirus for free to faculty, staff, and students.
• Upgrade your computer to Windows 7 or 8. Upgrades are available for purchase through University IT Computer Sales.
• Be on the lookout for suspicious and unsolicited emails that request you click on a link.
• Report anything suspicious to the IT Help Desk at 275-2000.

For assistance, contact your local IT support administrator or the IT Help Desk at 275-2000.