ADVISORY: New Windows Vulnerability Necessitates New Email Attachment Restrictions

On Tuesday, January 03, 2006, UC Davis implemented temporary measures to prevent the exploitation of a serious new computer vulnerability for which no patch is yet available. This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows 98 and ME systems and may be exploited when infected email file attachments or infected Web pages are viewed. Once a computer is infected, data may be permanently lost and/or a remote attacker could gain control of the computer.

After extensive consultation with the campus leadership, the decision has been made to temporarily block WMF image attachments. These files can have a number of different extensions, but most commonly will have .wmf and .jpg extensions. Recipients of messages from which file attachments have been removed will be notified of the deleted attachment; senders will not be notified. Instructions for senders wishing to resend the deleted attachment will also be included in the message. Additional information is available at http://security.ucdavis.edu/faq.cfm#temprestrict.

Unfortunately, Microsoft has not yet released a patch for this serious vulnerability. The above measures are expected to remain in place for an appropriate period of time. In the meantime, we will work to develop more specific filtering measures.

I encourage each of you to use great caution when opening email attachments and viewing Web pages (particularly those to which you have been referred via email) until a patch has been released and you have installed it on your computer.

If you have any questions regarding this security measure, please contact Robert Ono at raono@ucdavis.edu.

Peter Yellowlees, MBS, MD
Interim Vice Provost
Information and Educational Technology