Microsoft Confirms WMF Vulnerability, Plans for Patch

Microsoft has issued a Security
Advisory (912840) concerning the recent WMF vulnerability exploit. Microsoft
also confirmed the REGSVR32 workaround as a viable solution to protect your PC
until they have had time to fully research the vulnerability and issue a patch. The following is a quote from the Microsoft Security Advisory.

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)


1. Click Start, click Run, type "

regsvr32 -u %windir%/system32/shimgvw.dll" (without the quotation marks), and then click OK.


2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.


Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer. To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%/system32/shimgvw.dll" (without the quotation marks).

Antivirus and Security Experts at F-Secure advise that this method is more secure than simply filtering WMF content, as many types of image files (.GIF, .BMP, .JPG, .TIF, etc...) could be used in this exploit. F-Secure warns that to date they have only experienced spyware and fake antispyware / antivirus installations with this exploit but that more serious infections may be coming soon.

View: F-Secure WMF Vulnerability Update


News source: Microsoft Security Advisory 912840


Report a problem with article
Next Article

World of Warcraft rumor - New Alliance race confirmed?

Previous Article

What can we expect from Microsoft in 2006