Just recently, the campus community was informed about a critical vulnerability in the Microsoft Internet Explorer web browser. This vulnerability was severe enough to warrant an alert from the Department of Homeland Security where they recommended users relying on an alternative browser until a patch was released.
The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user and allow the attacker to take complete control of the system.
The Security Services department advised that all users refrain from using the Internet Explorer web browser until a patch was made available from Microsoft. In addition, the Computer Support Services department issued a notice that all Windows XP workstations would be blocked immediately as no patch for this operating system was expected from Microsoft. This was consistent and in compliance with guidance received from the Office of the Chief Information Officer for the State of Washington.
Microsoft has now released a patch for this vulnerability. Even though support for Windows XP security patches was discontinued in early April, Microsoft released a patch for this operating system, as well. Microsoft stated this was done due to the severity of the vulnerability and the potential for many systems being compromised.
The patch is known as KB 2964358 and it should have been deployed to your CWU workstation already. You may have to restart your computer for the update to take effect.