Security Alert: WebEx Windows Browser Vulnerability
Date:
2017-01-25 05:00:00
Status:
Closed
Brief Description:
A vulnerability has been detected in the extension used by WebEx to run in all Windows browsers except Edge. Update WebEx extensions or switch to Zoom and uninstall WebEx.
Current Status:
WebEx has provided updated components for Firefox and Internet Explorer that close the vulnerability. Anyone continuing to use WebEx should immediately apply these updates (see below) and the previously announced update for Chrome.
Since support is being ended for WebEx in June, you may instead want to switch to the new supported web conference service, Zoom, and use the WebEx uninstall tool to clear all WebEx components from your computer and eliminate associated vulnerabilities.
Zoom service page: http://it.cornell.edu/zoom
WebEx removal tool: https://help.webex.com/docs/DOC-2672
Mozilla Firefox
Version 106 of the ActiveTouch General Plugin Container for Mozilla Firefox was released on January 28, 2017 and contains a fix for this vulnerability. Mozilla users can ensure they are using the fixed version of the ActiveTouch General Plugin Container for Mozilla by:
1. Clicking the menu button (three horizontal bars on the upper right of the application) and selecting Add-ons.
2. In the Add-ons Manager tab, click the Plugins panel
3. Locate the ActiveTouch General Plugin Container in the list of Plugins and click on the More link to obtain the version information
Microsoft Internet Explorer
Version 10031.6.2017.0127 of the GpcContainer Class for Microsoft Internet Explorer was released on January 28, 2017 and contains a fix for this vulnerability. Internet Explorer users can ensure they are using the fixed version of the GpcContainer Class for Internet Explorer by:
1. In Internet Explorer, select the Tools button
2. Select Manage add-ons
3. Select All add-ons from the Show drop-down menu
4. Select the GpcContainer Class add-on under Cisco WebEx LLC
Since support is being ended for WebEx in June, you may instead want to switch to the new supported web conference service, Zoom, and use the WebEx uninstall tool to clear all WebEx components from your computer and eliminate associated vulnerabilities.
Zoom service page: http://it.cornell.edu/zoom
WebEx removal tool: https://help.webex.com/docs/DOC-2672
Mozilla Firefox
Version 106 of the ActiveTouch General Plugin Container for Mozilla Firefox was released on January 28, 2017 and contains a fix for this vulnerability. Mozilla users can ensure they are using the fixed version of the ActiveTouch General Plugin Container for Mozilla by:
1. Clicking the menu button (three horizontal bars on the upper right of the application) and selecting Add-ons.
2. In the Add-ons Manager tab, click the Plugins panel
3. Locate the ActiveTouch General Plugin Container in the list of Plugins and click on the More link to obtain the version information
Microsoft Internet Explorer
Version 10031.6.2017.0127 of the GpcContainer Class for Microsoft Internet Explorer was released on January 28, 2017 and contains a fix for this vulnerability. Internet Explorer users can ensure they are using the fixed version of the GpcContainer Class for Internet Explorer by:
1. In Internet Explorer, select the Tools button
2. Select Manage add-ons
3. Select All add-ons from the Show drop-down menu
4. Select the GpcContainer Class add-on under Cisco WebEx LLC
Services Affected:
Web and Video Conferencing
Full Description:
A vulnerability has been detected in the extension used by WebEx to run in all Windows browsers except Edge. Update the extensions for Chrome, Firefox, and Internet Explorer.
Cornell support for WebEx will be retired entirely June 2017. You can switch to the recommended service, Zoom ( http://it.cornell.edu/zoom ) and uninstall WebEx components from your computer.
Cornell support for WebEx will be retired entirely June 2017. You can switch to the recommended service, Zoom ( http://it.cornell.edu/zoom ) and uninstall WebEx components from your computer.
CIT TDX ID: