|Bash (Shellshock) Vulnerability||Friday, September 25, 2014|
|Internet Explorer Vulnerability||Wednesday, April 30, 2014|
|Heartbleed Vulnerability||Wednesday, April 16, 2014|
Recently, a new security vulnerability affecting the Mac OS X, Linux, and Unix operating systems was discovered. The vulnerability has been named Shellshock, and allows an attacker to remotely execute commands. Apple is aware of the vulnerability and is working quickly to provide a software update for OS X. According to Apple, unless a user configures advanced UNIX services on a Mac, the system is not at risk. A fix has already been provided for Linux operating systems via normal update methods. Microsoft Windows is not affected by this vulnerability. Additional details regarding the impact can be found here.
This advisory is also being provided as a courtesy for you as your personal computer systems may not have the protections we have in place at Mercer. Follow the steps below to mitigate the risks to your personal computer:
- Keep Windows Updates current.
- Keep Adobe Flash Updates current.
- Run Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings:
Micrsoft Security Advisor
CNET has created a website to check the vulnerability status of many popular websites, and if a site you use frequently is not listed on this page, the Qualys SSL Labs website will allow you to check the status of any web address. Although Mercer's systems have not been affected by this vulnerability, we urge all Mercer employees and students to follow these Security Best Practices guidelines.