How to stay safe with the new Windows vulnerability
As previously published here, this is a quick-and-dirty method to get yourself in a relatively safe position:
1) Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2) Restart the machine.
[Update] Note that this workaround still does not remove the vulnerability and will not block "modified" attacks.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks).
MSRC is fully aware about this situation and it is working on a patch to be released in the next days. In the meantime, make sure that your Windows OS is configured for receiving automated updates, and that you have an antivirus program installed.
[Second update - Jan 5] The fix is now available here: https://www.microsoft.com/athome/security/update/bulletins/200601_WMF.mspx
Comments
- Anonymous
January 03, 2006
What still isn't clear is whether this is a bug just in SHIMGVW or if it's a bug in the main WMF code in GDI. If it's just the former, then this workaround would be sufficient. But if it's in GDI itself, there'd still be plenty of open doors... - Anonymous
January 03, 2006
The comment has been removed - Anonymous
January 04, 2006
The comment has been removed - Anonymous
January 05, 2006
Actually, no Windows machine today should run without a good antivirus installed.
<a href="http://news.zdnet.com/2100-1009_22-6018696.html?tag=nl.e589">Here </a> you'll find an article by ZDNet. Almost all antivirus products can effectively protect from the wmf vulnerability, as proved after 206 tests. - Anonymous
March 24, 2008
PingBack from http://drinkingrecipesblog.info/antimail-how-to-stay-safe-with-the-new-windows-vulnerability/