ALERT: Apply Microsoft update to fix IE vulnerability

02/12/2020

The information below was sent to U-M IT staff groups on February 11, 2020. It is intended for U-M IT staff who are responsible for university machines that have Microsoft Internet Explorer (IE) installed, as well as individuals who have IE on their own devices.

Summary

An update is now available for Microsoft Internet Explorer (IE) to fix the critical vulnerability reported on January 20. Apply the update as soon as possible after appropriate testing. Continue to use an alternative web browser until after you have applied the update.

Problem

In January, a remote code execution (RCE) vulnerability was found in the scripting engine of the Internet Explorer (IE) web browser. An update was not available at that time. See Information Assurance Alert: Avoid IE until vulnerability is patched for details. Microsoft released an update today that fixes the vulnerability.

Affected Versions

All supported Windows desktop and Server OS versions of Microsoft Internet Explorer (IE).

Action Items

Apply the update as soon as possible after appropriate testing. Run Windows Update to update IE. Continue to use an alternative web browser until you have applied the update.

Information for Users

If you have Microsoft Internet Explorer (IE) installed on your own devices that are not managed by the university, it is best to set it to update automatically. Update IE by running Windows Update. Continue to use an alternate web browser until after you have updated IE.

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Suspicious Email, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.

Security