Iowa State University

ITInformation Technology

Patch Now to Combat Windows Critical Vulnerability

This news item expired January 20, 2006. It may contain out-of-date information.
Currently in the news is notice of a Windows vulnerability based on a flaw in a special file type, the Windows Metafile (WMF). Malicious programs stored in a WMF file can execute on any Windows system. This is a very serious vulnerability and you should patch your computer immediately. This newly discovered vulnerability is being rapidly adopted by the hacker community. Infected image files are being delivered primarily by websites but also by spam and instant messaging -- techniques that can deliver spyware, remote control Trojans, and keyboard loggers, which are common types of exploits. Your computer can also be compromised by any webpage or email containing a compromised image. Microsoft released a patch for the problem on January 5. This is a very serious vulnerability. It is critical that you protect your computer with the patch. How do I install the patch? If you have enabled automatic updates, then your system will receive the update automatically. If automatic updates has not run on your system since January 5, 2006, you should use the Windows Update facility to install the patch now. To do so, start Internet Explorer. then select "Windows Update" from the "Tools" menu and follow Microsoft's instructions. If you have not configured your computer to use automatic updates, you will need to install a backlog of security updates as well as the WMF patch. It is best to use the Windows Update facility to do this. You can enable automatic updates on Windows XP by clicking ’Start“ then right-clicking ’My Computer“. Select ’Properties“ from the pop-up menu. In the Properties menu, select the ’Automatic Updates“ tab. Choose ’Automatic“ and select a preference for the time of day that updates will occur. If the options under the Automatic Updates tab are grayed-out, your updates are being managed centrally. See your computer support specialist if you have questions about your update settings. How can I tell if my machine was compromised through this vulnerability? Many different exploits can be installed through this vulnerability. Many can be detected by up-to-date antivirus software and spyware detection software. See the Top Ten Computer Security Tips ( for more information about installing or keeping this software updated. If you need assistance, please contact your computer support specialist or the Solution Center (, 515-294-4000, 195 Durham Center).