power down machines over the long weekend

November 22, 2005

We of course have a holiday break coming up and ask that, where possible, you power down machines over the long weekend. One reason to do this is a new publicly known vulnerability in Windows Internet Explorer (IE). This vulnerability could allow complete control of a Windows system remotely if the system is used to browse to a malicious web site using IE. According to SANS ISC (http://isc.sans.org) this exploit is not being used "in the wild" but we wanted to simply bring awareness on the issue.

The work around for this exploit is to disable "Active scripting" within IE. However, this may break some JavaScript functionality for IE users.

Tools --> Internet Options --> Security Tab --> Custom Level
(you will see "Active scripting" near the bottom, click disable)

Here is a link to an article that describes the exploit in more detail.
http://www.eweek.com/article2/0,1759,1891749,00.asp? kc=EWRSS03119TX1K0000594

Finally, if anyone on this list suspects that this vulnerability is being exploited within UNM, please email security@unm.edu.

Have a great holiday,

--
Nick Pappas

/**************************************
IT Security Administrator for CIRT-IRC
papy@unm.edu, security@unm.edu

University of New Mexico
2701 Campus Blvd NE
Albuquerque, NM 87131
**************************************/

UNM entry by mjh at 06:11 PM | email this