University of Rochester

Currents--University of Rochester newspaper

Security flaw uncovered in Windows

Information Technology Services (ITS) reports that a serious and previously unknown vulnerability in the way Microsoft Windows handles certain images was recently discovered. The flaw in the operating system makes computer users vulnerable to spyware, viruses, and other malicious programs that can compromise machines.

This vulnerability is tricky because it can be executed in as many ways as are possible to view an image in Windows (e-mail, Web browsing, instant messaging, etc.). An infected image file could result in the potential loss of computer access and personal information or even identity theft. Windows 2000, Windows XP (SP1 and SP2), and Windows 2003 are affected by this current exploit. Other versions of Windows may be affected to some extent; however, non-Microsoft operating systems are not affected.

ITS is taking steps to help minimize the impact of this threat and protect University systems. Faculty and staff who run Windows should first contact their local IT/technical support person to determine the appropriate method for patching the system. For more information on this vulnerability or to verify if a system has already been patched, visit

ITS also encourages faculty and staff to be wary of suspicious images and cautious about the Web sites they visit.

Those with concerns about the issue can call 1-866-PC-SAFETY (Microsoft's Product Support Services). Faculty and staff who have additional questions or still need help can call the ITS Center at x5-2000 or visit

Maintained by Office of Communications
Please send your comments and suggestions to:
Office of Communications.