Windows zero day nightmare exploited



Havin_it

I looked back at Steve Gibson's site and he now has this to say about Win9x:

Windows 98/SE/ME users: Microsoft's original advice to "unregister the shimgvw.dll" (shell image viewer) was never correct or useful on those platforms. The good news is that all current WMF exploits appear to be non-functional on the older Win9x vintage platforms . . . so you will likely be okay until Microsoft has updated your system with the next security patches. There is no short-term workaround for Windows 9x users.

That would explain why the WMF-checker gives my GF's WinME machine the all-clear (I haven't used the patch on it, obviously). Other findings:

- WMF files render automatically in IE, both embedded (in IMG tag) and via hyperlinks.

- WMF renamed as JPG do not render (red X in both the above scenarios).

- Thumbnail display isn't affected by unregistering the DLL (nor are the IE scenarios).

Too bad Steve doesn't go further about the apparent non-functioning of the current exploits. Could it be that their payloads (rather than the exploit itself) simply aren't coded for Win9x...? If so, it's only a matter of time.

Shibby

So the only way for me is to unregister the DLL or apply the unofficial hotfix.

Sorry, I haven't kept up with this.

The_Decryptor

Too bad Steve doesn't go further about the apparent non-functioning of the current exploits. Could it be that their payloads (rather than the exploit itself) simply aren't coded for Win9x...? If so, it's only a matter of time.

Yeah, they just wouldn't be coded for Win 9x. This "feature" (it was actually added by MS when they were designing WMF) exists as far back as Windows 3.0, apparently.

Chosen One

Hey, is there a way so that there isn't a blue background on my icons? I want it back to what it was before, when I could see through their names.

exotoxic

I haven't seen anyone mention this (I didn't read all the threads about this):

assoc .wmf=txtfile

Anyone know if this would protect against it? It would be opening the file in Notepad instead of the image viewer.

EDIT: lol, I looked 2 pages back and it was discussed... ah well :(

exotoxic

Hey, is there a way so that there isn't a blue background on my icons? I want it back to what it was before, when I could see through their names.

system properties --> advanced --> performance --> check the use drop shadows for icon labels on the desktop

:)

tkyoshi

system properties --> advanced --> performance --> check the use drop shadows for icon labels on the desktop

:)

Actually, most of the time I don't think this will work after you get infected.

Try this: http://www.greyknight17.com/spy/RepairDesktop.reg It worked on the couple of systems I repaired.

Chosen One

I haven't been infected and I got the patch installed, but yeah, that option is checked and the blue backdrops are still there.

Michael_C

Hey, is there a way so that there isn't a blue background on my icons? I want it back to what it was before, when I could see through their names.

Turn off active desktop.

Chosen One

Turn off active desktop.

ROFL, thanks, that was the problem.

This topic is now closed to further replies.