Computing Facilities    links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 
Advanced search tips 
 Documentation
 » Introduction to Facilities 
 » Accounts & passwords 
 » AFS 
 » Application software 
 » AV help 
 » Backups & restores 
 » Calendaring 
 » E-mail 
 » Networking 
 » Printing 
 » Purchasing 
 » Resource management 
 » Security 
 » Software licensing 
 » Support charges 
 » Web publishing 
 » Your health 
 » Mac support 
 » Linux support 
 » Windows PC support 

Critical Windows WMF file Vulnerability

Recently, a vulnerability was discovered in the way that graphics are rendered in Windows. This vulnerability would allow a PC to be compromised though actions such as:

  • Visiting a malicious web site
  • Viewing a specially crafted image (including directory thumbnail images) with Internet Explorer or Windows explorer
  • Indexing such an image with tools such as Google Desktop

On Tuesday, January 10, Microsoft plans to release a patch for this vulnerability. SCS Facilities will be pushing out this patch as part of the automated Windows update process. You will receive the normal email notification prior to the update being pushed.

In the meantime, you can protect yourself from this vulnerability as per the instructions given by CMU Computing Services in their recent e-mail and at:

http://www.cmu.edu/computing/security//latest/bulletins/MS06.WMF.htm

Note: we do not know how the Computing Services' recommended "interim hotfix" will interact with Microsoft's official patch or whether it may break some applications. For that reason, we are not automatically deploying it to SCS hosts. However, people should feel free to install it themselves, and should un-install it when the official patch is announced by SCS Facilities.

If you have any questions or concerns regarding this vulnerability, please contact the SCS Help Desk, x8-4231 or send mail to help+@cs.cmu.edu.

Thank you for your attention,

SCS Help Desk