An unpatched vulnerability affecting Internet Explorer versions 6 through 9 has recently been made public. Microsoft is developing a software update to address this vulnerability. The update may be released in an out-of-band patch cycle. In the interim, Microsoft offers the following guidance that can be used as a temporary workaround to mitigate against this threat.
Recommended Actions:
? Be aware if you have administrative rights on your computer. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. User accounts configured with fewer user rights on a system could be less impacted than accounts with administrative user rights.
? You are the key to great security! In a web-based attack scenario, an attacker could host a website that contains a web page that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, an attacker would have no way to force users to visit these websites. The user must visit the compromised website, typically by clicking a link in an email message or Instant Messenger message that leads to the attacker’s website.
Remember: NEVER send passwords via e-mail. TU?s Office of Technology Services staff will never ask for your password.
