Subject: Critical Microsoft Windows Update MS06-055 -- 2 Oct. 2006
Microsoft security bulletin MS06-055 -- Vulnerability in Vector Markup
Language Could Allow Remote Code Execution (KB925486)
Members of the UVM Community:
A dangerous flaw in the Microsoft Windows operating system is being
exploited to take control of computers remotely, potentially for
malicious purposes. This flaw could put your Windows workstation and
UVM's information systems at risk, if you visit websites or open email
designed to exploit the vulnerability. Microsoft has released a
"patch" (September 26, 2006), which should be applied to all Windows
2000 and Windows XP systems, as well as to servers running Windows
2003. An exploit has not been observed at UVM, but security
specialists, such as McAfee and the federal US Computer Emergency
Readiness Team (US-CERT), are recommending immediate installation of
the patch.
Please go to this UVM web site -- http://www.uvm.edu/cit/vml-patch/
-- to learn more about the Vector Markup Language (VML) vulnerability,
how to check your PC for the patch and install if necessary, and our
recommendations on how to protect your workstation and the
University's information systems. Please call the Help Line at
656-2604 if you have questions or need assistance. If you've set
Windows to automatically apply Microsoft updates, or if your computer
is joined to the "CAMPUS" domain or on the COMIS system, the patch
should already be installed; it's advisable to have your computer check
for the update in any case.
David Todd
Chief Information Officer
University of Vermont
------------------------------------------------------