UPDATE: This vulnerability has been patched. Internet Explorer users who have automatic updating enabled will not need to take any action. Users who have disabled automatic updating should follow instructions at this link:
Microsoft has discovered a vulnerability that affects all versions of Internet Explorer from Version 6 to current.
Please note the following:
1) Users may continue to use Internet Explorer for Tulane Enterprise systems. There is no risk to IE from Tulane's Enterprise Systems.
2) Use an alternate browser for browsing external websites. We recommend Chrome or Firefox. If you must use IE, please disable Flash. Disabling the Flash plugin within Internet Explorer will prevent the exploit from functioning.
3) At this time, there is no update available from Microsoft and no expected time of resolution. We will update as soon as Microsoft releases a patch schedule.
4) Windows XP will NOT BE PATCHED. If you are still using Windows XP, schedule an upgrade through the TSNOC by writing firstname.lastname@example.org.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. Again, disabling the Flash plugin within Internet Explorer will prevent the exploit from functioning
Technology Services, Tulane University, New Orleans, LA 70118 -- TSNOC: 504-862-8888 -- email@example.com