Summary:  On July 5 2005 Microsoft released an update to its Security Advisory 903114. Advisory 903114 lists the details of a vulnerability in Internet Explorer which could allow a specifically-crafted website to serve as the launching point for an attack on a vulnerable Internet Explorer browser. The outcome of this attack may range from unexpected closure of the browser to total takeover of the host system. The vulnerability is linked to the presence of a specific dll file (JAvaprxy.dll) that is not common to -all- installations of Microsoft Windows software, but may have been installed by one of several innocuous applications/programs.

An exploit for this vulnerability has been made publicly available; although Microsoft has not yet provided a security patch for this vulnerability it has made available several workaround strategies in Advisory 903114.

Recommended Actions:  System administrators and support personnel are encouraged to read the advisory (see link below) to determine if their systems host the vulnerability/dll file and whether any of the suggested workarounds are applicable to their environment.

ITS Actions:  At this time, ITS is not taking any additional steps to address this situation.

Resources:
Security Advisory 903144: