New security issue threatens all campus PCs

 

by Michael Quan, LSCR Computer Security

January 2, 2006 – On December 30, 2005, a very serious Microsoft Windows vulnerability was discovered and made public to the computing world. Within hours, a hacker group made public a program to take advantage of this vulnerability. On December 31, 2005, an image in a banner advertisement containing a program to install spyware onto unprotected Windows computers appeared on the web; any Windows computer viewing this banner, in email or on the web, would become infected with spyware. Other, more serious exploits are likely to be found in the field soon.

Because this vulnerability affects every Microsoft Windows machine and the exploit code has already been used, every security expert is working urgently to protect systems under their care. Campus Security has issued alerts to the UC Berkeley campus as of this morning at 8:00 AM.

What you should do

Microsoft has not yet issued a patch to fix the problem, and no single action will guarantee the safety of your computer. LSCR is planning to visit all of our customers who have Windows machines, to do everything we can to lock them down until the problem is truly solved. Please let us know if you are on campus and using your computer this week, so we can make sure your machine is prioritized. Your presence is not needed for the work to be done.

Update, January 3: Microsoft has announced that they will release a patch for the problem on January 10. After that day, machines with automatic updates enabled will hopefully be protected.

What you may see changed on your computer

You may notice that certain images appear as a broken image icon on web pages, or you may see a blank web banner ad. You may also notice broken image icons in your email messages. Certain image viewing programs like Windows Image Viewer and Windows Fax Viewer will no longer work. The impact on other image manipulation software like Adobe Photoshop is not known.

The complete impact of this "fix" on email clients such as Eudora, Thunderbird, etc., is not fully known.

Other ways you can protect yourself

The common and very prudent mantra is to always know the web addresses you view in web browsers such as Internet Explorer, Opera, Firefox, etc. Also, always be cautious with any email you are not expecting, even if it appears to be from an email address you are familiar with.

Using the Firefox web browser instead of Internet Explorer will reduce your exposure to this vulnerability. If you are using Eudora, you should turn off the "preview pane," which loads images even before you read the message, making you vulnerable to security holes like this one even if you never open the suspicious message.

LSCR strives to keep your anti-virus and anti-spyware software up to date with regular computer maintenance and automatic updates over the network. You may also make sure you are updated by checking your Symantec Antivirus software to see whether it has been automatically updated recently, at least within a day of the current date; if it has not, you can request an update using the anti-virus software itself.

If you have any questions, feel free to contact your LSCR support team.

Updater: E. Marie Robertson. Last reviewed: January 08, 2007