OS/Platform/Application:

Microsoft Internet Explorer (all versions)

Category: ALERT
Severity: HIGH
Attention: Internet Explorer users, System Administrators, Desktop Support Personnel.

Summary: On December 17 2008 Microsoft released Security Bulletin MS08-078 to address a critical security vulnerability in all common versions of its popular Internet Explorer web browser.  The most likely mechanism of exploit is the viewing of a maliciously-crafted website* by a vulnerable computer.  Successful exploitation of this vulnerability could result in a range of unfavorable outcomes including complete system takeover.  According to several Internet security agencies this vulnerability is being actively exploited on the Internet right now.

Recommended Actions:  Internet Explorer users, system administrators, and support personnel are strongly urged to apply the update as soon as possible (safe links provided below).

*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: Updates will be pushed out via the Windows Update Service to systems that are part of the Active Directory Forest (UALBANY, LIB, and CAS).

Resources:
Microsoft Security Bulletin MS08-078:
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Windows update page:
http://windowsupdate.microsoft.com