Information on Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776)

This article provides information about the vulnerability in Internet Explorer that can allow Remote Code Execution.

On April 26th, 2014, Microsoft released details of a newly discovered bug that was found in Internet Explorer (IE) versions 6, 7, 8, 9, 10 and 11 running on versions of Windows XP or later. The bug, more technically known as vulnerability, may allow attackers to inject and execute malicious code on a user's computer without their knowledge.

Microsoft has released a detailed security advisory about the vulnerability, Microsoft Security Advisory 2963983. This vulnerability is commonly identified by the identifier: CVS-2014-1776. You may also see references to it in the media as Operation Clandestine Fox.

What action should I take?

  1. Microsoft has released a patch for this vulnerability for all operating systems including Windows XP. The patch will be automatically downloaded and installed if you have configured to get automatic updates from Microsoft. However, if you have turned off automatic updates, we recommend that you run Windows Update manually as soon as possible. To know more details about the Security update, read Microsoft Security Bulletin MS14-021.

    If you are a Norton user still using Windows XP, you are protected once you get the latest Window update. However we encourage you to upgrade to a later version of Windows as soon as possible. Your existing Norton subscription can be transferred to the new operating system or computer. To know more, read Migrate your Norton product to a new version of Windows.

  2. Norton customers running a Norton security product are already protected against attempts to exploit the bug (vulnerability). Norton products providing this protection include:

    • Norton AntiVirus

    • Norton Internet Security

    • Norton 360

    • Norton Security

    • Norton Security with Backup

    You must have a current Norton subscription and up-to-date virus definitions and signatures to receive this protection. To know about your Norton subscription status, read Is my computer protected?

    Norton Protection leverages both antivirus and an intrusion prevention engine to deliver this protection by the following signature updates:

Symantec is not responsible for the reliability of any data, opinions, advise, or statements made on third-party sites. Symantec provides these links merely as a convenience. The inclusion of such links does not imply that Symantec endorses, recommends, or accepts any responsibility for the content of such sites.

Thank you!

Thank you for using Norton Support.

< Back

Was this information helpful?

DOCID: v98738922_EndUserProfile_en_us
Operating System: Windows
Last modified: 05/22/2015