Security Notice: Critical Windows Vulnerability with Active Exploits

A critical vulnerability has been discovered in the Windows graphics engine; all versions of Windows are affected. This vulnerability allows an attacker to run any program on the affected computer.

Various exploits for this vulnerability are now spreading through image files on websites, image attachments to email messages, and files shared via instant messenger (IM) and peer-to-peer (P2P) applications.

Microsoft has not yet released a patch, although they expect to release one during the monthly Windows patch set due on January 10th.

There are a number of ways that a Windows machine could be affected:

  • Browsing a website that contains an infected file
  • Opening a message that contains an infected file
  • Viewing a message that contains an infected file in your email client preview pane
  • Opening an infected file downloaded via IM or P2P
  • Browsing a directory that contains an infected file
  • Single-clicking on an infected file
  • Indexing a directory that contains an infected file

Since there are so many ways that a Windows machine can be compromised by this vulnerability, it is essential that everyone practice safe computing.

Until a patch is released, here are some tips to keep you safer:

  1. Turn on Automatic Updating – visit Microsoft Update and click Turn on Automatic Updates.
  2. Install and update anti-virus software – visit UBC Software Downloads to download Sophos Antivirus (free for UBC Faculty, Staff and Students).
  3. Install anti-spyware software, such as Microsoft’s AntiSpyware beta.
  4. Only visit well known websites, and refrain from downloading files via IM and P2P.
  5. Install an alternate web browser such as Firefox or the VMware Browser appliance.
  6. Turn off the preview pane in your email client.

If you believe you are infected by this or any other exploit, you can try running a full-service scan at the new web-based Microsoft Windows Live Safety Center beta.

For more information, please see:

Phishing Warning: Fake Support Message Targeted at Netinfo/Interchange and Exchange Contains a False Link

Some Netinfo/Interchange and Exchange account holders have received email messages claiming to be from the “Interchange Security Department Assistant” or the “Exchange Security Department Assistant”. The message looks something like this:

From: support@interchange.ubc.ca
Subject: *IMPORTANT* Please Confirm Your Account
To: username@interchange.ubc.ca

Dear Valued Member,
According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.
http://www.interchange.ubc.ca/confirm.php?email=username@interchange.ubc.ca
Thank you for your attention to this question. We apologize for any inconvenience.
Sincerely,Interchange Security Department Assistant.

We have seen slight variations on the subject line:

  • *IMPORTANT* Please Confirm Your Account
  • *IMPORTANT* Please Verify Your Account

The email message will also conclude with the line:

Sincerely,Interchange Security Department Assistant.

or:

Sincerely,Exchange Security Department Assistant.

If you encounter this message, do not follow the link in the email. Delete the message immediately. After deleting the message, scan your computer for viruses with up-to-date antivirus software. Free antivirus software is available for UBC students, faculty, and staff. Please go to http://download.ubc.ca for more information.
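
For mail administrators, the indicators listed in this warning can be checked automatically. The following is an added example, not part of the original notice: it assumes the "false link" is an HTML anchor whose visible text shows the interchange.ubc.ca address while its href points at a different host, and the host unrelated-host.example in the sample is a constructed placeholder.

```python
import email.policy
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators quoted in the notice: two subject variants and two sign-offs.
SUBJECT_RE = re.compile(r"\*IMPORTANT\* Please (Confirm|Verify) Your Account", re.I)
SIGNOFF_RE = re.compile(r"(Interchange|Exchange) Security Department Assistant", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def false_links(html):
    """Return (shown host, real host) for links whose URL text names another host."""
    collector = LinkCollector()
    collector.feed(html)
    # Only anchors whose visible text is itself a URL can be compared.
    pairs = [(urlsplit(t).hostname, urlsplit(h).hostname)
             for h, t in collector.links if re.match(r"https?://", t, re.I)]
    return [(s, a) for s, a in pairs if s and a and s != a]

def check_message(raw):
    """Return the names of the notice's indicators that a raw message matches."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    checks = {"subject": SUBJECT_RE.search(msg.get("Subject", "")),
              "signoff": SIGNOFF_RE.search(body), "false_link": false_links(body)}
    return [name for name, hit in checks.items() if hit]

# Constructed sample: the notice's message with an assumed HTML link to a placeholder host.
SAMPLE = """From: support@interchange.ubc.ca
Subject: *IMPORTANT* Please Confirm Your Account
Content-Type: text/html

<a href="http://unrelated-host.example/confirm.php">http://www.interchange.ubc.ca/confirm.php?email=username@interchange.ubc.ca</a>
Sincerely,Interchange Security Department Assistant.
"""
```

Calling `check_message(SAMPLE)` returns all three indicator names. A message whose link text and href share a host, or whose link text is not a URL, produces no `false_link` hit.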