UVM Tower Logo

The University of Vermont


Office of the Chief Information Officer

October 2, 2006


To:           UVM Students, Faculty, and Staff

Subject:      Critical Microsoft Windows Update MS06-055 -- 2 Oct. 2006

Microsoft security bulletin MS06-055 -- Vulnerability in Vector Markup Language Could Allow Remote Code Execution (KB925486)

Members of the UVM Community:

A dangerous flaw in the Microsoft Windows operating system is being exploited to take control of computers remotely, potentially for malicious purposes.  This flaw could put your Windows workstation and UVM's information systems at risk, if you visit websites or open email designed to exploit the vulnerability.  Microsoft has  released a "patch" (September 26, 2006),  which should be applied to all Windows 2000 and Windows XP systems, as well as to servers running Windows 2003.   An  exploit has not been observed at UVM, but security specialists, such as McAfee and the federal US Computer Emergency Readiness Team (US-CERT), are recommending immediate installation of the patch.

Please go to this UVM web site -- http://www.uvm.edu/cit/vml-patch/ -- to  learn more about the Vector Markup Language (VML) vulnerability, how to check your PC for the patch and install if necessary, and our recommendations on how to  protect your workstation and the University's information systems.   Please call the Help Line at 656-2604 if you have questions or need  assistance.  If you've set Windows to automatically apply Microsoft updates, or if your computer is joined to the "CAMPUS" domain or on the COMIS system, the patch should already be installed; it's advisable to have your computer check for the update in any case.

David Todd
Chief Information Officer
University of Vermont
------------------------------------------------------