Computer Security Risk (Valid Warning)

January 6, 2006

This is from my sister, an electronics tech who works for a large

laboratory. Always something... Be careful out there

Cassie

From: " Jayne "

Subject: FW: ***Computer Security Risk***

Date: Thu, 5 Jan 2006 07:12:45 -0700

Thought I might share this with you.

________________________________

From: Limb, Bryce

Sent: Wednesday, January 04, 2006 4:15 PM

Everyone at ARUP

Subject: ***Computer Security Risk***

There is a new vulnerability that has the potential for creating issues

on Windows based systems. This message should be read and remember that

this could potentially affect your system here at ARUP and has a much

higher risk of impacting your home system.

Threat:

The new vulnerability is with the Microsoft Windows WMF graphics engine

that is part of the Windows operating system. The WMF components are

used to present graphic images that are found on websites, e-mails

messages, etc. There is the possibility that malicious code can be

contained within the graphics and when they are opened or viewed the

code is executed and your system will become infected without your

knowledge. The code could have the potential to use your system to

attack others, monitor or log your key strokes (this could be capture

sensitive information like usernames and passwords that could be used)

or other malicious actions.

Microsoft does not currently have a correction for this vulnerability

but says they are working on a release.

What you should do:

I would like to ask that if you are using outside e-mail or third party

e-mail, like Xmission, , Earthlink, etc., here at ARUP that you

stop this practice immediately. Please do not click on any links that

are connected to any e-mail unless you know exactly what it is and

completely trust the source and DO NOT OPEN ANY TYPE OF IMAGE FILES. I

would like to ask that you limit your web surfing to those sites that

are required to do your jobs, there is a risk of obtaining the malicious

code just by viewing infected sites.

For your home systems, I would insure that your anti-virus and Windows

patches are up to date. I would also not open picture files or click on

links that are attached to e-mails. I would also limit my surfing until

a correction is released from Microsoft.

If you have any questions please feel free to contact me at your

convenience. We believe that with the current security measure we have

in place at ARUP that we should be able to avoid an infection but we

need your help to insure that we limit our vulnerability and risk.

Thanks for your help.

********************************************************************

Bryce R. Limb

AVP, IT Systems & Support/Information Security Officer

Information Technology

ARUP Laboratories, Inc.

500 Chipeta Way, Salt Lake City, Utah 84108-1221

Phone: (801)584-5224

Fax: (801)583-2712

E-Mail: limbbr@...

Web: www.aruplab.com

- ------------------------------------------------------------------

The information transmitted by this e-mail and any included

attachments are from ARUP Laboratories and are intended only for the

recipient. The information contained in this message is confidential

and may constitute inside or non-public information under

international, federal, or state securities laws, or protected health

information and is intended only for the use of the recipient.

Unauthorized forwarding, printing, copying, distributing, or use of

such information is strictly prohibited and may be unlawful. If you

are not the intended recipient, please promptly delete this e-mail

and notify the sender of the delivery error or you may call ARUP

Laboratories Compliance Hot Line in Salt Lake City, Utah USA at (+1

(800) 522-2787 ext. 2100

January 6, 2006