Precautions From Michigan's Information and Technology Dept.

On December 27 a new vulnerability affecting all Microsoft operating systems was made public. It involves compromising the behavior of Windows Meta Files (WMF). At this time there is no patch. Because of the way the operating system handles this type of file, Microsoft and non-Microsoft browsers are affected. It is dangerous because it enables malicious individuals to have remote control of infected machines.

The Department of Information Technology/Office of Enterprise Security (DIT/OES) has heard from other security agencies of machines being infected. We have found several suspect units in the state that will be reformatted and rebuilt (The only way to safely remove a Trojan program). The most likely source of infection is Internet Relay Chat or the use of POP email, e.g. Hotmail accounts.

The estimated release date for Microsoft's patch is Tuesday January 10, 2006.

In the meantime, Michigan's DIT/OES recommends the following steps for protection:

• Keep antivirus software current. (Symantec signatures as of December 28, 2005 can detect some variants)
• Do not click on suspicious attachments.
• Do not click on new web site links you are not positive are valid.

DIT/OES will post updates as we receive them.

For more technical information you can go to Microsoft at: http://www.microsoft.com/technet/security/advisory/912840.mspx(Yes, this is a safe site).