MSU Information Technology Center header

Cisco WebEx Vulnerability

MSU Service Providers,

This week a severe vulnerability was discovered in Cisco’s WebEx browser extension (for PCs only) that, when exploited, can allow remote code to be executed on the target machine.

We are still determining the best way to address this issue but wanted to bring it your attention now.

Cisco has begun to release software updates that address this vulnerability, however, only updates have been issued for Google Chrome. No updates are available for IE and Firefox at this time.

Chrome – update extension to version 1.0.7
To ensure the correct version is installed:

  1. In Chrome, open the Settings page (click the vertical ••• icon in upper-right corner).
  2. Click Extensions.
  3. Select the Developer mode checkbox.
  4. Click Update extensions now.

Internet Explorer - no patch is available
Users can take the following steps to ensure the Cisco WebEx Add-on is disabled until a patch has been released:

  1. In Internet Explorer, open the settings menu by clicking the gear icon.
  2. Click Manage Add-ons.
  3. Click WebEx Productivity Tools.
  4. Click Disable.

Mozilla Firefox - no patch is available
Mozilla Firefox has disabled the Cisco WebEx Add-on and it is no longer available to download until an update has been released. This means for now that WebEx will not work on the Firefox browser.

 

Please direct questions to the ITC Service Desk at 994-1777 or helpdesk@montana.edu.

Thank you,

The Information Technology Center

MSU Information Technology Center footer

MSU Information Technology Center
P.O. Box 173245 | Bozeman, MT 59717-3245
www.montana.edu/itcenter | helpdesk@montana.edu | 406-994-1777