Summary
Microsoft just released a fix for a serious flaw in the Windows system that is used to view images. If a user is tricked into viewing a compromised image, such as on a malicious website or within an e-mail attachment, that person's computer could be infected. This flaw affects all versions of Windows operating system, with Windows XP being most at risk.
We urge all clients to update their operating system patches via Windows Update, as soon as possible to avoid contamination. This flaw was first identified on December 29th; ITS, in cooperation with the campus Technical Coordinators, implemented several stop-gap measures to reduce the chances of campus systems becoming infected. One of these temporary measures prevents clients from previewing pictures (thumbnails) on their computers, and will remain in place until next Tuesday, January 10 to ensure that computers have had sufficient time to be patched.
How To Patch Your Computer
These steps will work with each version of Microsoft Windows:
-
-
Microsoft will scan your system to identify needed patches.
-
If you are presented with two installation options, "Express Install" or "Custom Install", select Express Install.
-
Once the needed patches are applied, please shut down and restart your computer. Your system will now be patched.
What if I'm Already Infected?
If you suspect your system has been affected by this exploit, please contact your Technical Coordinator or the ITS Help Desk (442-3700) for assistance.
Microsoft offers documentation explaining the nature of this exploit at: http://www.microsoft.com/technet/security/advisory/912840.mspx
