There is a zero-day vulnerability that affects all versions of Internet Explorer (version 6-11) and is being actively exploited. The vulnerability, CVE-2014-1776, allows data thieves to have unfettered access to data stored on the computer. Furthermore, the vulnerability has been confirmed to crash Internet Explorer on Windows XP. This is the first vulnerability that will not be patched for Windows XP users as Microsoft ended support for Windows XP on April 8, 2014.
Microsoft has announced the use of Enhanced Mitigation Experience Toolkit (EMET) 4.1 and above can help to mitigate the vulnerability while a patch is being developed, as well as enabling Enhanced Protected Mode in IE 10 and 11. Microsoft has released a workaround by unregistering a DLL file that should make the system immune from attacks. However, care should always be taken when making registry entries.
Industry leaders, including the US Computer Emergency Response Team have recommended to stop utilizing Internet Explorer until the vulnerability has been patched. Microsoft, US CERT, and Symantec agree that all Windows XP machines should be upgraded to a newer, supported version of operating system software immediately.
At this time, there have been no reports of the vulnerability being exploited on UNL systems but all users should take care and follow these suggestions:
1) Make sure all computer software is up to date and is utilizing the latest patches or service packs. This includes Windows and Mac OS, Adobe products, Java, and anti-virus signature files such as used in Symantec.
2) Do not open URL links or attachments from email that you were not expecting.
3) Run an anti-virus scan on your computer (this includes Mac OS computers).
4) Consider utilizing a malware scanner on your computer such as Malware Bytes or HitMan Pro and scanning for malware on your Windows based computer.
5) Backup data stored on your computer’s hard drive(s).
6) Use Firefox, Safari or Google Chrome when possible.