Microsoft has issued a Security Advisory (912840) concerning the recent WMF vulnerability exploit. Microsoft also confirmed the REGSVR32 workaround as a viable solution to protect your PC until they have had time to fully research the vulnerability and issue a patch. The following is a quote from the Microsoft Security Advisory.
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%/system32/shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer. To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%/system32/shimgvw.dll” (without the quotation marks).
Antivirus and security experts at F-Secure advise that this method is more secure than simply filtering WMF content, because many types of image files (.GIF, .BMP, .JPG, .TIF, etc.) could be used in this exploit. F-Secure warns that to date they have seen only spyware and fake antispyware/antivirus installations delivered with this exploit, but that more serious infections may be coming soon.
View: F-Secure WMF Vulnerability Update
News source: Microsoft Security Advisory 912840