Microsoft has confirmed that an Internet Explorer exploit exists and is actively being used by attackers. Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.
Microsoft says that they have only seen attacks against Internet Explorer 6. The IT Security and Policy Office recommends that users upgrade to the latest version of Internet Explorer and set the browser security to High (see instructions at bottom). We suggest using an alternate browser such as Firefox, Chrome, or Opera at least until Microsoft releases a patch for this vulnerability.
See Microsoft Security Advisory (979352) for more information.
- Internet Explorer 8 - http://tigerware.lsu.edu/title.aspx?id=1386
- Mozilla Firefox 3.5.7 - http://tigerware.lsu.edu/title.aspx?id=1660
- Google Chrome 2.0 - http://tigerware.lsu.edu/title.aspx?id=1730
- Opera 10.10 - http://tigerware.lsu.edu/title.aspx?id=1362
To raise the browsing security level in Internet Explorer, follow these steps:
- On the Internet Explorer Tools menu, click Internet Options.
- In the Internet Options dialog box, click the Security tab, and then click the Internet icon.
- Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.
Note If no slider is visible, click Default Level, and then move the slider to High.
Note Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.