I received an email today from admin @ Microsoft dotcom saying my password has expired with a zip attachment indicating instructions. Not being gullible, but still being curious, I virus scanned the attachment and saw that it was indeed a virus. I forwarded the mail to our security team for investigation, but it brings up a good point. Don’t run attachments, patch your machines regularly and practice safe computing. My quick tips,
Don’t run attachments if you don’t know where they are coming from
Use and update your antivirus software
Use Windows Update
Use a firewall and block everything but the necessary ports.
There’s also been some news about a vulnerability affecting DCOM which lives inside the RPC process, with a patch available through Windows Update, which you should visit if you don’t have the RPC patch installed.
*Update: Link to the security bulletin