WMF exploit workaround

Discussion in 'Fred's House of Pancakes' started by JackDodge, Jan 4, 2006.

  1. JackDodge

    JackDodge Gold Member

    For those unfortunate souls who have a Windows computer, you probably know that hackers have found an exploit that utilizes the Windows Picture and Fax Viewer to get into your computer. Known as the Windows Metafile exploit, it can infect your computer through images. This is a highly dangerous vulnerability that has everyone very worried. Microsoft has said that it will come out with the patch to close this vulnerability on Tuesday, but there is a workaround that they've recommended to keep malicious code from infecting your computer in the meantime. Basically, it disables the Windows Picture and Fax Viewer but can be easily reenabled, so you're not doing any damage to your OS.

    Click Start, then Run, then paste the following line into the Open box and click OK:

    regsvr32 -u %windir%\system32\shimgvw.dll

    You should get a popup box that says "DllUnregisterServer in C:\WINNT\system32\shimgvw.dll succeeded."

    To undo, repeat the procedure but use the following line instead:

    regsvr32 %windir%\system32\shimgvw.dll

    For more information on this workaround, follow the link:
    http://www.microsoft.com/technet/security/...ory/912840.mspx
     
  2. TonyPSchaefer

    TonyPSchaefer Your Friendly Moderator
    Staff Member

    Done.

    What did I just do?
     
  3. aka007ii

    aka007ii New Member

    You've just been social engineered. :lol:
     
  4. wrprice

    wrprice Active Member

    You've just unregistered the "Windows Image & Fax Viewer" application from being automatically launched whenever "you" want to view an image file format that it would normally handle, the problematic WMF files included.

    However, if System File Protection is still enabled, Windows may re-register that file at any time. Additionally, other software may still use the library as needed. What you've done is a stopgap measure that helps avoid accidental infection, but doesn't guarantee against it.

    This security hole has been around since Windows 3.x, but it was only in Windows XP and 2003 Server that the WMF file format had a default association -- making these versions of Windows more vulnerable than the older versions... but that's not to say that the old versions are safe from the exploit, either.

    It's widely assumed that Microsoft will not be releasing fixes for this exploit to any operating systems earlier than Windows 2000 -- meaning those people still running 95, 98, or ME will be seriously open to attack unless they finally bite the bullet and upgrade Windows (or switch to another operating system, like Linux or MacOS).

    Again, the "fix" above is only a stopgap measure and is not a guarantee that you won't be infected if you receive a malicious Windows Metafile image (WMF). There's a 3rd-party patch, which is a little more serious, and actually *disables* the security hole. You can download it HERE, but you do so at your own risk -- this is NOT a Microsoft sanctioned fix. Microsoft's solution won't be distributed until Jan. 10, 2006.


    For more information, search Google for "WMF exploit" or read various Blog entries like this one.
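
A way to check whether the workaround from the first post is still in effect, given the point above that Windows may re-register the file (added example, not part of any post in this thread). It assumes PowerShell is available and that a registered shimgvw.dll shows up as InprocServer32 entries under HKEY_CLASSES_ROOT\CLSID; the function name is hypothetical.

```powershell
# Added example: report whether shimgvw.dll is currently registered as a COM server.
# Assumption: registration is visible as CLSID\{...}\InprocServer32 default values
# that point at shimgvw.dll, and unregistering removes those entries.
function Get-ShimgvwRegistration {
    param(
        [string]$DllName   = 'shimgvw.dll',
        [string]$ClsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    )
    Get-ChildItem -Path $ClsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        # Each child is a RegistryKey; open its in-process server subkey if present.
        $sub = $_.OpenSubKey('InprocServer32')
        if ($sub) {
            # GetValue('') reads the default value and expands %SystemRoot% etc.
            $server = ([string]$sub.GetValue('')).Trim('"')
            $sub.Close()
            if ($server -like "*$DllName") {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
    }
}

$hits = @(Get-ShimgvwRegistration)
if ($hits.Count -eq 0) {
    'No COM registration points at shimgvw.dll: the workaround appears to be in effect.'
} else {
    'shimgvw.dll is registered (again); the regsvr32 -u line needs to be re-run:'
    $hits | Format-Table -AutoSize
}
```

Running it on a schedule, or after installing updates, shows when the file has been re-registered and the unregister step has to be repeated.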
     
  5. hyo silver

    hyo silver Awaaaaay

    WMF: Weapons of Mass Fenestration
     
  6. JackDodge

    JackDodge Gold Member

    Of course, you can run the "stopgap measure" as often as you want.
    Well, considering that Microsoft doesn't support any OS previous to 2000 anyway, people with 3.1, NT, 95, 98, 98SE and the dreaded ME have been on their own for some time, so this patch doesn't include them either. That's no surprise. To answer the question before it's asked, yes, I actually do know a couple of people who are still running 3.1. :p As a matter of fact, some are still using DOS 7.
     
  7. hyo silver

    hyo silver Awaaaaay

    Allow me to explain... my dictionary says fenestration is "the arrangement of windows in a building." Still not funny? Oh well, I try... :)
     
  8. LaughingMan

    LaughingMan Active Member

    Uhm. That joke was kind of Dennis Millery....
     
  9. jeneric

    jeneric New Member
