May 1, 2014, update
- Microsoft has released an out-of-band update (patch), MS14-021, for the Internet Explorer vulnerability reported below.
- In addition, Adobe has released a patch for Adobe Flash Player (see Adobe Security Bulletin) that blocks the ability to exploit the Internet Explorer vulnerability through Adobe Flash.
Recommendation for Individuals
- Use Windows Update to check for updates and apply this update. If you have set your computer for automatic Windows updates, the update will be made automatically. Once the update has been applied, you can safely use Internet Explorer.
- If you use Adobe Flash Player, also apply the Adobe patch. Instructions are provided in the Adobe Security Bulletin.
If you use a MiWorkspace computer, you do not need to do anything. The Microsoft update and Adobe patch are both being applied to MiWorkspace computers.
Recommendation for U-M Units
ITS IIA recommends that units apply both patches after testing.
Avoid Using Microsoft Internet Explorer Until Vulnerability Is Patched
April 29, 2014
A vulnerability has been discovered in Microsoft Internet Explorer (IE) that could allow an attacker to gain access to an affected computer. IE versions 6 through 11 are affected.
ITS IIA Recommendation
- Avoid using Internet Explorer until a patch is available and has been applied to your version of IE. Use an alternate web browser such as Chrome or Firefox.
- Some U-M systems require Internet Explorer for full functionality. You can use IE for access to these trusted U-M systems if necessary.
IIA is continuing to monitor reporting on this vulnerability and will keep this page updated with the latest information we have available. If you have questions, please contact the ITS Service Center.