Microsoft Internet Explorer Zero-Day Vulnerability

Last Updated: 09/01/2014

Security Notice Level

SEVERE

Microsoft has released a security advisory for an Internet Explorer zero-day vulnerability, which is an attack or threat that exploits a previously unknown vulnerability in a computer application and has not yet been addressed or patched by the vendor. The vulnerability affects all supported versions of Internet Explorer.  It is reported systems are being compromised when the vulnerability is exploited.

Affected Software

Microsoft Internet Explorer 6-11

The IT Security Office recommends using an alternate web browser until a patch is released by Microsoft. For more technical owners, Microsoft suggests the Enhanced Mitigation Experience Toolkit 4.1 (EMET) to help block the attack. [1]

Security Bulletin Name

US Cert: Microsoft Internet Explorer use-after-free vulnerability

Microsoft Security Advisory 2963983

Additional Information

Additional information about this vulnerability can be viewed at:

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.