

Dear Old Dominion University Community,

I am writing to make the campus community aware of a security defect in the Microsoft Windows operating system and to provide steps that will help prevent the compromise of a computer on the ODU network.

What is the security vulnerability?

Microsoft Corporation has issued a security advisory for a previously unknown security vulnerability in Microsoft Windows. The defect lies in the way Windows handles a Windows Metafile (WMF) image and can be used to take control of computers. A computer running Windows becomes compromised when a user opens an image file containing the malicious code or visits a web site that has the malicious code embedded in it.

When will Microsoft fix the problem?

Microsoft is testing code to fix the problem. Microsoft's goal is to release the fix on Tuesday, January 10th. Once the fix is received, it will take a few days to patch systems across the campus.

What steps can a user take to help prevent a computer from being compromised?

Until the fix is installed across the campus, OCCS strongly recommends that all users follow these steps for safe computing.

1. Avoid unexpected or unusual links to web sites in email. Make sure you are aware of the web site and the source of the email before following the link. Avoid web links for holiday greetings, jokes, funny pictures, or other similar content.

2. Avoid opening unexpected or unusual email attachments. Make sure you know the source of the email and attachment. A malicious file may have almost any name and extension. Avoid email attachments for holiday greetings, jokes, funny pictures, or similar content.

3. Avoid file sharing and other applications that upload and download files anonymously.

4. Make sure the antivirus software is up to date by using the following steps.

   - Click Start, click Programs, click Network Associates, click VirusScan Console.
   - From the VirusScan Console, click Help, click About.
   - The Virus Definitions should be at level 4664 or higher.
   - Please note that if you turned off your computer during the break, the virus definitions may not have updated. If the virus definitions are not at level 4664 or higher by noon Tuesday, please contact the OCCS Technical Support Center (contact information below).

5. For those who are administrators of their computers, we recommend that you use a regular user (called limited user in Windows XP) account on the computer. Do not use an Administrator or Power user account for day-to-day use. The exploit only gains the access of the user account being used at the time of the exploit. It is very easy for a computer to be compromised through this exploit.

What steps is OCCS taking to help prevent a compromise?

1. Email attachments with .wmf and .emf file extensions are being blocked. However, remember that a malicious file may have almost any name and extension.

2. Some web sites known to contain malicious code are being blocked. However, we expect the number of these sites to increase quickly, making this blocking impossible to maintain.

An additional step for Microsoft Outlook users:

If you use Microsoft Outlook as an email client, then configure Outlook not to use the "Preview" feature.

The best protection against a compromised computer is the action of the user. If you have any questions concerning ODU computers, please contact the OCCS Technical Support Center at 3-3192, occshelp@odu.edu, or enter a problem report at https://fp.odu.edu using your MIDAS account-id and password.

Thank you,

Rusty Waterfield
Acting Assistant Vice President
Office of Computing and Communication Services

This article was posted on: January 3, 2006
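
The advisory notes that a malicious file may have almost any name and extension, which is why blocking .wmf and .emf by extension alone is incomplete. The following Python check is an added example, not part of the original advisory or of OCCS's filtering: it identifies WMF and EMF content by header bytes regardless of file name; the function names and the sample attachments are constructed for illustration.

```python
import struct

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # placeable-WMF key 0x9AC6CDD7, little-endian
EMF_SIGNATURE = b" EMF"              # signature field at offset 40 of an EMF header


def metafile_kind(data: bytes):
    """Classify by content only: return 'wmf', 'emf' or None."""
    # Placeable WMF: a 22-byte prefix header precedes the standard header.
    if data[:4] == PLACEABLE_KEY:
        return "wmf"
    # Standard WMF header: type 1 (memory) or 2 (disk), header size of
    # 9 words, version 0x0100 or 0x0300.
    if len(data) >= 18:
        ftype, hsize, version = struct.unpack_from("<HHH", data, 0)
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "wmf"
    # EMF: first record is type 1 (header) and carries the " EMF" signature.
    if (len(data) >= 44 and data[:4] == b"\x01\x00\x00\x00"
            and data[40:44] == EMF_SIGNATURE):
        return "emf"
    return None


def flag_metafiles(attachments):
    """Return (filename, kind) for every attachment whose bytes are a
    metafile, whatever its name or extension claims."""
    return [(name, kind) for name, data in attachments
            if (kind := metafile_kind(data)) is not None]


# Constructed sample attachments (headers only, no drawing records).
_STD_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLES = [
    ("greeting.jpg", PLACEABLE_KEY + bytes(18) + _STD_WMF),  # placeable WMF
    ("card.gif", _STD_WMF),                                  # standard WMF
    ("funny.bmp", struct.pack("<II", 1, 88) + bytes(32)
                  + EMF_SIGNATURE + bytes(44)),              # EMF header
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(40)),  # JPEG
    ("notes.txt", b"Meeting moved to 3pm."),                 # plain text
]

if __name__ == "__main__":
    for name, kind in flag_metafiles(SAMPLES):
        print(f"quarantine {name}: content is {kind.upper()}")
```

The standard-header match is a heuristic on six bytes, so a gateway using it should quarantine for review instead of silently deleting.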

Old Dominion University
Office of University Relations
