February 12, 2004

This message does not apply to systems managed by Health System Computing Services (HSCS).

Microsoft has released critical updates to deal with new security holes in most Windows operating systems (NT, 2000, XP, 2003 Server). As with past Windows security issues, an unprotected computer can easily be attacked. When a machine is successfully attacked, it means that someone has been able to take control of your computer and do any number of things including destroying or altering your data, leaving behind malicious programs that could be used to broadcast your personal information to other sites, or turn your computer into a mechanism to attack other sites and distribute illegal information.

All users of Windows operating systems noted above should protect themselves against these threats by running Windows Update (http://windowsupdate.microsoft.com) immediately and installing all Critical Updates, unless your LSP/local computing support person has previously told you that this is being handled centrally.

ITC now offers a free service that provides participating workstations with automated application of Microsoft's critical updates after they become available and are tested; see (http://www.itc.virginia.edu/microsys/patchmanagement.html) for more details and check with your local support person to be sure this is not already in place in your area. To join, send an email to itc-microsystems@virginia.edu.

If you haven't already joined ITC's patch service, you should configure your computer to automatically run Windows Update daily. For instructions on how to do this, please see:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;306525