Penn Staters urged to apply new Microsoft security patch

University Park, Pa. -- Penn State Information Technology Services (ITS) has announced that an important security patch was issued by Microsoft on Jan. 5 for the following Windows products: Windows XP, Windows 2003 and Windows 2000 (SP4). This patch addresses a Windows Metafile (WMF) vulnerability identified in late December. Microsoft information on the vulnerability and the patch is available at http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx online.

Users of earlier versions of Windows should consult the information in the FAQ referenced in the Microsoft bulletin.

Both Microsoft and the University urge all affected computer users to apply the patch immediately. The patch addresses a defect in the software that allows images to be viewed in Windows. The vulnerability is such that full control over a computer could be achieved by a remote intruder -- for any purpose. A computer that is not patched can become infected if the user is tricked into viewing a malicious image, or automatically without the user's knowledge when he or she is viewing/previewing certain image files (depending on the browser/viewer in use). Active exploits that target the vulnerability have occurred worldwide and some instances have been identified at Penn State.

Students, faculty and staff are encouraged to go to Penn State's Take Control Web site at http://its.psu.edu/takecontrol/ online and the Security Operations and Services (SOS) home page at http://sos.its.psu.edu online frequently to get the University's latest security updates. In the case of a compromised account or an incident involving sensitive information, call the SOS office, a unit of ITS, directly at (814) 863-9533 during regular business hours.