Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office files. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document. The attacker would then have to convince you to open the malicious document.
LISA has taken some measures to mitigate these attacks. LISA can only take these measures on workstations it manages. For other workstations, including your private computer, you have to help us keep us all safe.
- LISA has improved the detection mechanismes on managed workstations.
- LISA will disable the activation of new ActiveX controls on managed workstations as soon as possible. (If you are working off-campus, make a VPN connection to get the latest configuration)
We ask you to take some measures too.
- Don't open attachments without carefully checking that you know the sender AND that the type of document you received is something they would send you. If in doubt, always verify by the sender immediatly. Preferably in another way than a reply to the email received.
- Make sure your anti-virus software is running and up-to-date.
- Disable new ActiveX controls on your computer, if LISA has not already done so. If you do not know how, contact the Servicedesk ICT (053 489 5577).
If you are afraid you have already been infected, turn off your computer and inform CERT-UT (cert@utwente.nl, (053 4589) 1313).
