University of Rochester

 Security Reports:

01/09/06 00:00: Security Report: Severe Microsoft Windows Security Flaw Uncovered


A serious and previously unknown vulnerability in the way Microsoft Windows handles certain images was recently discovered. The flaw in the operating system leaves computer users vulnerable to spyware, viruses, and other malicious programs that can compromise machines.

This vulnerability is tricky because it can be triggered in as many ways as there are to view an image in Windows (email, web browsing, instant messaging, etc.). An infected image file could result in the loss of computer access and personal information, or even identity theft. Windows 2000, Windows XP (SP1 and SP2) and Windows 2003 are affected by the current exploit. Other versions of Windows may be affected to some extent; however, non-Microsoft operating systems are not affected.

Information Technology Services (ITS) is taking steps to help minimize the impact of this threat and protect University of Rochester systems. If you are running Microsoft Windows, please follow these instructions:

STEP 1: Contact your local IT/Technical support person to determine the appropriate method for patching your system. For more information on this vulnerability or to check if your system has already been patched, we recommend that you also review the following website:

STEP 2: Be wary of suspicious images. Also, be cautious about websites you visit and try to restrict your internet use to trusted sites.

If you have any concerns regarding this issue, please call 1-866-PC-SAFETY (Microsoft’s Product Support Services). If you have additional questions, or still need help, please call the ITS Center at 5-2000.

Thank you.

ITS Security Office