Microsoft has released an update that has been deemed critical for Internet Explorer affecting all supported versions from IE7 through 11. Microsoft says that the vulnerability could allow an attacker to take control of an affected system, and went to the somewhat unusual step of releasing patches out of its normal Patch Tuesday cycle for this vulnerability for the second time in a month.
A thorough description of the attack and how it works has not been published, but it is believed to operate on the “drive-by” attack principle. Simply by visiting a page with a malicious component, including specially crafted ads, can exploit the vulnerability.
If you have Automatic Updates enabled in your version of Windows, you need not take any action regarding this vulnerability. The patch will automatically be applied, and you should simply reboot your computer at your earliest opportunity. If you have for some reason disabled Automatic Updates, then you should run Windows Update as soon as possible. To update, simply locate your Search bar, type in “update” without the quotes, and then click on Windows Update. Follow the prompts to install any available updates, and reboot when prompted.
For more information on this vulnerability, you may read the article at this link:
IT Managers may read Microsoft’s detailed description at the following link:
As a reminder, Microsoft no longer supports versions of Windows older than Vista (i.e., Windows 95, 98, 2000, ME, and XP). If you are still using a version of Windows that is unsupported by Microsoft, these vulnerabilities, as well as any newly discovered ones going forward will remain unpatched. NYU TSS strongly recommends that you upgrade your operating system immediately by purchasing a new version of Windows or a new computer.