Microsoft has released updates a security advisory for certain versions of Internet Explorer. Vulnerable versions are susceptible to remote code execution.
Microsoft has released a fix-it, but no update has yet been released. The IT Security Office advises applying the fix-it and workarounds (see links below) as soon as possible.
Internet Explorer 6,7 and 8
Internet Explorer 9 or newer
Security Bulletin Names:
Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Released: December 29, 2012
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com. Email and phone help is available Mondays through Thursdays, 7:00 a.m. to 10:00 p.m.; Fridays 7:00 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.