I received an email today from admin @ Microsoft dotcom saying my password has expired with a zip attachment indicating instructions.  Not being gullible, but still being curious, I virus scanned the attachment and saw that it was indeed a virus.  I forwarded the mail to our security team for investigation, but it brings up a good point.  Don't run attachments, patch your machines regularly and practice safe computing.  My quick tips,

  • Don't believe everything you read in email. Not sure? Check here or here
  • Don't run attachments if you don't know where they are coming from
  • Use and update your antivirus software
  • Use Windows Update
  • Use a firewall and block everything but the necessary ports.

There's also been some news about a vulnerability affecting DCOM which lives inside the RPC process, with a patch available through Windows Update, which you should visit if you don't have the RPC patch installed.

*Update: Link to the security bulletin