WARNING: Windows vulnerability with active exploits (Update)

A vulnerability has been discovered in the graphics engine found in all versions of Windows that allows an attacker to run arbitrary programs on a fully patched Windows system. Various exploits for this vulnerability are now spreading through image files on websites, through image attachments to email messages, and through files shared via instant messenger (IM) and peer-to-peer (P2P) applications. Microsoft has not yet released a patch, although they expect to release one during the monthly Windows patch set due on January 10th.

There are a number of ways that a Windows machine can be affected:

1. Browsing a website that contains an infected file
2. Opening an email that contains an infected file
3. Viewing an email that contains an infected file in the preview pane
4. Opening an infected file downloaded via IM or P2P
5. Browsing a directory that contains an infected file
6. Single-clicking on an infected file
7. Indexing a directory that contains an infected file

Since there are so many ways that a Windows machine can be compromised by this vulnerability, it is essential that everyone practice safe computing ( http://www.itservices.ubc.ca/security/itsecurity101.html ). Until a patch is released, here are some tips to keep you safer:

1. Turn on Automatic Updating: visit http://update.microsoft.com/microsoftupdate and click Turn on Automatic Updates.
2. Install and update anti-virus software: visit http://download.ubc.ca to download Sophos Antivirus (free for UBC Faculty, Staff and Students).
3. Install anti-spyware software, such as Microsoft’s AntiSpyware beta ( http://www.microsoft.com/athome/security/spyware/software/default.mspx ).
4. Only visit well known websites, and refrain from downloading files via IM and P2P.
5. Install an alternate web browser such as Firefox ( http://www.mozilla.com/firefox/ ) or the VMware Browser appliance ( http://www.vmware.com/vmtn/vm/browserapp.html ).
6. Turn off the preview pane in your email client.

If you believe you are infected by this exploit or any other, you can try running a full-service scan at the new web-based Microsoft Windows Live Safety Center beta ( http://safety.live.com ).

For more information, please see:
http://www.kb.cert.org/vuls/id/181038
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://isc.sans.org/diary.php?storyid=994
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability