News and Alerts (for IT system administrators)

Support for Windows XP coming to an end April 8, 2014

Microsoft’s extended lifecycle support for Windows XP will end on April 8, 2014. This means there will be no more critical and security upgrades for Windows XP after that date. As a LAN Administrator, you need to ensure that all administrative computers in your department are running one of these supported operating systems: Windows 7, Windows Vista, or Windows 8 (once it is available and tested at McGill).

ICS has started installing Windows 7 on all administrative computers that we support. We tested Windows 7 on McGill centrally supported systems and approve its use on McGill-owned computers. Read Windows 7 Implementation at McGill and the Windows 7 compatibility list found in the IT Knowledge Base.

If you have any questions contact the ICS Service Desk.

Windows Shell Vulnerability – USB Worm

effective July 2010

A vulnerability in Windows Shell has been reported in a Microsoft Security Advisory. The vulnerability takes advantage of the way Windows parses shortcut files, such that when a specially crafted shortcut (icon) is displayed, malicious code is automatically executed without any user intervention. This vulnerability is currently being exploited through removable drives such as USB keys. Other vectors of infection are also possible. As of this posting, no patch addressing this vulnerability has been made available by Microsoft.

The Stuxnet malware attempts to exploit this vulnerability. We suspect that Stuxnet has been active for at least a month, possibly longer. Although Microsoft has provided workarounds, these options are not Enterprise friendly and are not recommended at this time as an optimal solution. Trend OfficeScan and Microsoft Security Essentials currently detect variants of this malware.

Trend clients should confirm that they are running pattern file 7.308.03 or above and scan engine 8.9 or above. To verify you client’s status, go to Start>All Programs>Trend Micro OfficeScan Client>Office Scan client. Once the OfficeScan Client console is loaded, click on Help>About. Next to Components, click on the View link. Microsoft Security Essentials clients should run Windows Updates to obtain the latest software, virus and spyware definition versions. Affected Systems include the following supported versions of Microsoft Windows:

Clients

Windows XP Service Pack 3
Windows Vista Service Pack 1 and 2
Windows 7

Servers

Windows Server 2003 Service Pack 2
Windows Server 2008, Windows Server 2008 Service Pack 2, and Windows Server 2008 R2

Users should always be careful when connecting a removable drive to their computers and as a best practice, scan the drive with an updated anti-virus client to check for any potentially malicious files.

If you have any questions or concerns, please contact the ICS Service Desk at 514-398-3398.

Windows Service Packs to be retired by Microsoft

Information Security would like to remind all IT support staff that on July 13, 2010, Microsoft will end support on Windows XP below Service Pack 3. This means that new security updates, hotfixes and support will no longer be available for the retired service packs.

We strongly recommend that you begin installing Service Pack 3 on all supported systems before this service pack retires as your systems will become vulnerable to new exploits and attacks. Please take the necessary precautions to test before deploying the latest service packs to all your supported systems. If you require any assistance, please email the ICS Service Desk or call 514-398-3398.

It is also necessary to update all Windows operating system service packs to the version currently supported. This includes both workstations and servers. For a list of Windows supported (non-retired) service packs, please visit Microsoft’s Lifecycle Supported Service Packs web page:
http://support.microsoft.com/gp/lifesupsps#Windows

To learn more about Microsoft’s product support life cycles, visit:
http://support.microsoft.com/gp/lifeselectwin.

If you have any questions, please do not hesitate to contact infosec [at] mcgill [dot] ca (Information Security).

Updated on Thu, 2012-09-20 14:28

Main navigation

Section navigation

Support for Windows XP coming to an end April 8, 2014

Windows Shell Vulnerability – USB Worm

Windows Service Packs to be retired by Microsoft

Related Content

Search the IT Knowledge Base:

Service Status

Announcements

uApply launched for graduate applicants for Fall 2014 term

myCourses - Instructors need to re-add "External Tools" widget (for Lecture Recording)

Web Management System upgrade coming Fall 2013 - Spring 2014

Changes to the ICS Audiovisual Loans service – effective immediately

Scheduled Maintenance

uApply (Graduate Admissions System) maintenance - Oct 7

myCourses monthly downtime for October

Content Management System (CMS) maintenance

Department and University Information

ICS Service Desk