Windows .WMF Vulnerability - Updated
Update - Jan 6
Microsoft has released the .WMF patch early. For those of you running Windows 2000 or greater at home, you can manually download and install the patch from the following url (you will have to reboot your system):
Reports are that the patch is also available through Windows Update as well. Campus systems will be receiving the patch through the automated Software Update Services (SUS).
For those of you using laptops and plan to take your systems off campus are urged to run WIndows Update to ensure you get all updated patches prior to leaving the campus. A copy of the patch is also available through the MyUWinnipeg Portal under Faculty Staff Pages > Trend Anti Virus Software
On December 28, Microsoft released an advisory outlining a previously unreported vulnerability in the way Windows deals with image files. Malicious code to exploit this vulnerability has already been released and is appearing on a variety of web sites. Trojans are also being distributed via E-Mail as attachments.
More information on this '0-day exploit' can be found on Microsoft's web site here. There is currently no patch available for this vulnerability, although one is expected to be released on January 10.
Microsoft has been working with Anti virus companies to minimize the impact to Windows users. As such, several varients of Trojans that exploit this flaw have been identified and cataloged. At a bare minimum, it is recommended that all users ensure their systems have updated Anti virus pattern files. For Trend Micro OfficeScan users:
- Alternate mouse-click on the Trend Micro OfficeScan Taskbar icon (the blue circle) and select 'Update Now!
- Select 'Update Now' in the Settings box
- Be patient as OfficeScan verifies the pattern file versions
For other Anti virus software, follow the manufacturers recommendations for downloading and installing pattern file updates.