Beware of latest security bugs in Internet Explorer and Adobe Flash Player

Note: Microsoft has released a security patch for Internet Explorer 6 through 11 running on x86 and x64 Windows clients and servers. For Windows users, this update will require a reboot. You should consult with your unit’s IT personnel to determine when your computer will be patched.

OIT strongly encourages you to update your personal Windows computers on the NCSU network and to patch your home computers as well. For more details, see:

Both Microsoft and Adobe have recently discovered security bugs in their products that could allow hackers to remotely gain access to a user’s computer. Depending on the user’s access rights, the hacker can change or delete data, create new accounts and install programs without the user’s knowledge.  

The unpatched vulnerability exists in:  

  • Microsoft Internet Explorer 6 through 11 
    Microsoft does not currently have a patch scheduled to update Internet Explorer (IE).  

Adobe has already released patches for the following versions:

  • Adobe Flash Player and earlier versions for Windows
  • Adobe Flash Player and earlier versions for Macintosh
  • Adobe Flash Player and earlier versions for Linux

The Office of Information Technology encourages you to protect yourself by following these recommendations:

Internet Explorer

  • Use an alternate browser until a patch is available for those affected versions of Internet Explorer, unless IE is required for a specific application.
  • Run IE with Protected Mode enabled.
  • Set Internet and Local intranet security zone settings to “High.”

Adobe Flash Player

  • Install Adobe Flash Player updates immediately.
  • Consider using Qualys Browsercheck to verify you’re using the latest versions of Web browsers and plug-ins.

You should not:

  • Visit untrusted websites or follow suspicious links from known or unknown sources.
  • Open email attachments from unknown or suspicious sources.

For additional information, see:

This information is also available via SysNews