Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
December
Security Alert -Critical Microsoft Security Update MS08-078 for Internet Explorer (Windows)
Final Survey: Help Us Protect the Carnegie Mellon Community from Identity Theft study
Security Alert - Restrict Microsoft Internet Explorer Usage (Windows) - Unpatched Vulnerability - Attacks Underway
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Training & Education
Technical Support & Services
Campus Partners
Information Security Office (ISO)

Security Alert: Critical Microsoft Security Update MS08-078 for Internet Explorer (Windows)

Who:  Windows users who run Internet Explorer

What:  Microsoft Windows Computer users

When:  December 19, 2008

How:

An attacker may be able to take complete control of your computer when you visit a maliciously crafted web page with Internet Explorer on Windows. You need to install and run Microsoft Update to safely continue using Internet Explorer. 

If you suspect your computer has already been compromised, STOP! Take the following steps:

  1. Disconnect from the network - turn off wireless or unplug the wired network cable.
  2. Discontinue use of the machine but DO NOT power off.
  3. Contact the Information Security Office at (412) 268-2044 or iso@andrew.cmu.edu or your departmental computing administrator/DSP consultant for further instructions.

These steps are excerpted from Responding to a Compromised Computer .


If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.


What You Need To Do:

NOTE: You must login with an administrative account/password to complete steps marked with ***.

  1. Upgrade to Microsoft Update***
    NOTE: Skip this step if you have previously upgraded to Microsoft Update or are using Windows Vista. Repeating this step is harmless if you are unsure whether you have already upgraded to Microsoft Update.  Upgrading to Microsoft Update allows updates to Microsoft Office and other Microsoft products to be delivered all from one web site as well as installed automatically if you have Automatic Updates enabled.

    Windows Vista: Follow the Turn on Windows Automatic Updating steps from Securing Windows Vista Computer
    Windows XP: Follow the Upgrade to Microsoft Update steps from Securing Your Windows XP Computer
     
  2. Run Microsoft Update ***
    NOTE1: If your computer is configured for Automatic Updates (highly recommended), it may have already applied the update and you will see zero High Priority updates when running Microsoft Update.
    NOTE2: Once you install Microsoft Update, all links to Windows Update will forward to Microsoft Update automatically.

    See Microsoft Update Instructions:
    Windows Vista
    Windows XP
     
  3. Ensure You Reboot Your Computer If Prompted by Windows
    The update will require a reboot and will periodically prompt you to reboot until you do so.  Please reboot AS SOON AS POSSIBLE when prompted.  This is especially important for laptop users who normally hibernate/standby their machines rather than rebooting.
     
  4. Secure Your Computer***
    As always, following guidelines for secure computing generally reduces your risk of impact from this and other vulnerabilities.
    Windows Vista instructions
    Windows XP instructions

More Technical Information:

Contact:

Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu or to your departmental administrator/DSP consultant.