That news followed by just weeks worldwide concern about the Heartbleed vulnerability, malware aimed at widely used OpenSSL encryption technology. For that one, the general advice was to change passwords. For the IE vulnerability, it's to download the patch or quit using the browser completely.

"We notified our members that our home banking vendor notified us that they were unaffected," Unger said of the Heartbleed vulnerability. "As for Internet Explorer, we used the patch that was sent out last week by Microsoft to resolve that vulnerability. We also handled it internally by requiring staff to use another browser other than IE."

Some larger credit unions took a similar approach. "STCU has not yet posted a warning to members on our website regarding the much-publicized IE vulnerability, though we may. Our preference is to engage members in two-way conversations about issues like this one," said Dale Davaz, director of e-business at the $1.9 billion Spokane Teachers Credit Union in Spokane, Wash.

"So far as website announcements, as a general rule our practice is this: we don't publicize online threats unless there is a specific danger to members posed by the online services that we specifically offer," Davaz said. "We're reluctant to set an expectation with our members that we take responsibility for mitigating every particular risk associated with their online activity."

He added, "We encourage a general ethic of safe and secure online practices instead, which we think keeps the responsibility for specific safe practices where it belongs and serves members best in the long run."

That strategy entails making staff aware of the situation so that they can inform members in direct conversations and in online discussion through social media.

That's similar to the approach at the $398 million Nassau Financial Federal Credit Union in Westbury, N.Y., where Chief Information Officer Robert Reh said the threat is being taken seriously, but that his credit union has already tried to minimize Internet Explorer in the past as a problem.

"For many years Nassau Financial FCU has routinely recommended to members and employees to use Mozilla Firefox as a browser rather than IE wherever possible," said Reh, a longtime member of the CUNA Technology Council and its executive committee.

He said that reminder was issued again a few days ago and that the credit union itself is protected by its internal systems.

"Once Microsoft issued a hotfix for IE, our patch management system deployed it automatically as well," Reh said. "We have no reports so far of any issues as a result of this vulnerability, and don't really expect any thanks to the measures we had already in place."

Others are going online. For instance, the $313 million Belvoir Federal Credit Union in Woodbridge, Va., posted a warning on its home page at www.belvoircreditunion.org and updated it with the patch after it was issued by Microsoft.

Internally, said Belvoir Federal Chief Information Officer George Ksenics, "We held a debriefing meeting with the IT staff and determined a game plan for replacing IE. The IT and marketing department communicated the IE threat and plan of action to staff. We installed an alternative browser on all computers for staff to utilize, blocked IE traffic, and addressed any affected vendors using IE. Once the issue was resolved, IT unblocked IE from employees' computers."

As the warnings and reports of possible attacks across industries went viral, the credit union trades and vendors also reacted.

"For our operations in both Washington and Madison, we recommended that folks stop using Explorer (our default browser here) and employ alternatives (which many already had available to them – such as Google Chrome or Mozilla Firefox) for the short term," CUNA spokesman Pat Keefe said in an email. "Based on what we've heard from credit unions, many of them took the same or similar actions."

CUNA Mutual Group also issued alerts to its policy holders that included similar warnings. "Credit unions should ensure the security update for Internet Explorer is downloaded and installed as soon as possible. Members should also be notified of the security update," said the statement from CUNA Mutual Group Risk Management provided by spokesman Phil Tschudy.

Industry giant Fiserv Inc. said in its statement, "We advised clients of the Microsoft Security Advisory on this issue, and recommended that they assess the advisory and its suggested actions, and proceed as they deem necessary – an approach that we followed in our own organization."

Scott Bush, CTO at Share One, a Memphis, Tenn.-based core processing CUSO, said it has received a few calls from its 105 credit union customers. "Our technical staff is fielding all questions and making suggestions that cover every workstation running Internet Explorer," Bush said

The 300-client FLEX in Sandy, Utah, also reached out. As soon as it heard of the breaking news about the threat, FLEX said, it emailed its core processing customers to advise them, when possible, to temporarily halt use of Internet Explorer until a fix has been issued.

"In this message, we also urged credit unions to consider advising their members to employ the use of other browsers (such as Chrome or Firefox) until a fix has been issued," said an email from SVP Sean Holcomb at FLEX in Sandy, Utah.

"Now that Microsoft has issued a fix for the flaw, we are encouraging our clients to ensure their IT policies are up to date, and that all users are allowing pushed updates from Microsoft as well as Adobe. We are advising our credit union clients to do the same with their members," Holcomb said.

He added, "Due to the swift response of Homeland Security, and the attention this flaw has received, we believe this threat will be limited.

"I hope this will bring to light the need for increased focus on credit unions ensuring security updates are accepted and installed in a timely manner throughout their respective networks."