Microsoft has released a WMF security update. Please visit http://windowsupdate.microsoft.com to install current security and  Windows updates. Use Internet Explorer web browser to visit the Windows Update site.

ITS recommends you turn on Automatic Updates to automatically download recommended updates for your Windows XP computer on the schedule you specify.

1. Open Control Panel

2. Select Automatic Updates

3. Select Automatic Updates and schedule a time for download and installation

4. Click OK

Microsoft Security Site  http://www.microsoft.com/security/default.mspx

Security updates summary for January 2006

The update for the WMF (Windows Meta File) vulnerability is included in this month's security update release. Two additional updates have been released this month that affect Microsoft Windows and Microsoft Office. To update your home computer, follow the steps under Actions to Take Now on this page. Note IT professionals and systems administrators should go to Microsoft TechNet. Install the updates Visit the Microsoft Update Web site to scan your computer for the needed updates. Note If you have Outlook 2002, go to Office Update to get the security update for Office. Use the Windows Automatic Updates feature Get high-priority security updates delivered automatically to your PC. See how to use Automatic Updates: Windows XP, Windows 2000, Windows Me. Protect your PC By taking a few basic steps, you can help protect your computer and its contents.

Previous WMF article

Microsoft has completed development of a security update to fix the vulnerability and is now testing it for quality and application compatibility, with a goal of releasing the fix worldwide on Jan. 10. Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and the attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks is limited. In addition, attacks exploiting the WMF vulnerability are being effectively mitigated by anti-virus companies with up-to-date signatures.

Customer Guidance Users should take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code. Additionally, consumer customers should follow guidance on safe browsing. Enterprise customers should review Microsoft’s Security Advisory #912840 for up-to-date guidance on how to prevent attacks through exploitation of the WMF vulnerability.

The intentional use of exploit code, in any form, to cause damage to computer users, is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

Customers who believe they may have been maliciously attacked by exploitation of the WMF issue can contact Microsoft’s Product Support Services for free assistance by calling the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security. Microsoft also continues to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing anti-virus software. Customers can learn more about these steps at www.microsoft.com/protect.

Statement from Microsoft

http://www.microsoft.com/presspass/press/2006/jan06/01-03WMFUpdatePR.mspx

Microsoft Security Advisory

http://www.microsoft.com/technet/security/advisory/912840.mspx

Please contact the ITS Callcenter at 786-4646 option 1 or email callcenter@uaa.alaska.edu if you have any questions.