Microsoft Releases Security Update to Fix Vulnerability in Windows

REDMOND, Wash. – Jan. 5, 2006 – On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows® Meta File (WMF) area of code in the Windows operating system, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today, Thursday, Jan. 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, Jan. 10, 2006, as part of its regular monthly release of security bulletins, after testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and by up-to-date signatures from anti-virus companies.

The security update will be available at 2 p.m. PST as MS06-001.

Consumer customers who use Automatic Updates will receive the update automatically and do not need to take any additional actions. Consumers can also manually download and deploy the update by visiting Microsoft Update or Windows Update. Consumers can also get more information at Microsoft’s Security At Home Web site. Enterprise customers who are using Windows Server Update Services will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server and Software Update Services. Enterprise customers can also manually download the update from the Download Center.

Microsoft will hold a special webcast on Friday, Jan. 6, 2006, to provide technical details about MS06-001 and answer questions. Customers can sign up for the webcast on microsoft.com.

Microsoft will also be releasing additional security updates on Tuesday, Jan. 10, 2006, as part of its regularly scheduled release of security updates.

In addition to deploying MS06-001, users should take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code. Consumer customers should follow the guidance on safe browsing. Enterprise customers should review Microsoft’s Security Advisory #912840 for up-to-date guidance on how to prevent attacks through exploitation of the WMF vulnerability.

The intentional use of exploit code, in any form, to cause damage to computer users is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

Customers who believe they may have been maliciously attacked by exploitation of the WMF issue can contact Microsoft’s Product Support Services for free assistance by calling the PC Safety line (1-866-PCSAFETY); international customers can use any method detailed at http://support.microsoft.com/security.

Microsoft continues to encourage customers to follow its Protect Your PC guidance by enabling a firewall, getting software updates and installing anti-virus software.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft® Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.