The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. Attackers will persuade individuals to take action via a link, E-Mail message or attachment that will direct you to an attacker’s website.
Use bookmarks to access websites or type in a site URL directly to reduce the risk of accessing infected pages via malicious phishing E-mails or fraudulent links. Be careful where you click. The safest recommended strategy is to use an alternate Internet browsers such as Firefox and/or Google Chrome when accessing websites outside of Purdue. If you are unable to use other Internet browsers an additional suggestion is to make sure that your Microsoft Internet Explorer browser is in protected mode. You can check by opening Internet Explorer, click on tools, click on Internet options, click on security tab and at the bottom make sure the protected mode box is checked. Turning protected mode on will require you to restart Internet explorer. This will help safe guard data in the event an attacker tries to exploit a browser or add-on flaw.
Information Services is taking measures to makes sure that Internet Explorer remains in protected mode on all University computers.
If you have any questions or concerns please call the Customer Service Center at extension 2888 option 2.
For more information on the Microsoft Internet Explorer vulnerability please visit the Purdue University link below: