http://www.hexblog.com/2005/12/wmf_vuln.h
possibly the worst Windows hole ever, affects all versions, and spreading fast; install this now, as even viewing an image can infect you. - via ![[info]](http://p-stat.livejournal.com/img/syndicated.gif){kind=small}
waxy_org
Not a hoax.
Profile
![[info]](http://p-stat.livejournal.com/img/userinfo.gif)
scottobear- Raj KAJ
- The Scotto Grotto
Page Summary
- i : (no subject) [+1]
- scottobear : (no subject) [+0]
- photocentric : (no subject) [+3]
- weezeroni : (no subject) [+9]
- eryx_uk : (no subject) [+1]
- flying_blind : (no subject) [+1]
- anony_moos : (no subject) [+1]
- oneeyedcat : (no subject) [+1]
- phillykat : (no subject) [+1]
- peradouro : thanks anyways, no go [+1]
Designed by chasethestars
chasethestars
Comments
<tr><td class="listBullet" valign="top"></td><td class="listItem">
Un-registerthe Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP ServicePack 1; Windows XP Service Pack 2; Windows Server 2003 and WindowsServer 2003 Service Pack 1
Microsoft has tested the followingworkaround. While this workaround will not correct the underlyingvulnerability, it helps block known attack vectors. When a workaroundreduces functionality, it is identified in the following section.
NoteThe following steps require Administrative privileges. It isrecommended that the machine be restarted after applying thisworkaround. It is also possible to log out and log back in afterapplying the workaround. However, the recommendation is to restart themachine.
To un-register Shimgvw.dll, follow these steps:
1.
Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2.
A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround:The Windows Picture and Fax Viewer will no longer be started when usersclick on a link to an image type that is associated with the WindowsPicture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with regsvr32 %windir%\system32\shimgvw.dll (without the quotation marks).
</td></tr><tr><td class="listBullet" valign="top"></td><td class="listItem">Microsoftencourages users to exercise caution when they open e-mail and links ine-mail from untrusted sources. For more information about SafeBrowsing, visit the Trustworthy Computing Web site.
</td></tr><tr><td class="listBullet" valign="top"></td><td class="listItem">Customersin the U.S. and Canada who believe they may have been affected by thispossible vulnerability can receive technical support from MicrosoftProduct Support Services at 1-866-PCSAFETY. There is no charge forsupport that is associated with security update issues or viruses."International customers can receive support by using any of the methodsthat are listed at Security Help and Support for Home Users Web site.
</td></tr><tr><td class="listBullet" valign="top"></td><td class="listItem">Allcustomers should apply the most recent security updates released byMicrosoft to help ensure that their systems are protected fromattempted exploitation. Customers who have enabled Automatic Updateswill automatically receive all Windows updates. For more informationabout security updates, visit the Microsoft Security Web site.
</td></tr><tr><td class="listBullet" valign="top"></td><td class="listItem">Protect Your PC
Wecontinue to encourage customers follow our Protect Your PC guidance ofenabling a firewall, getting software updates and installing ant-virussoftware. Customers can learn more about these steps by visiting Protect Your PC Web site.
</td></tr><tr><td class="listBullet" valign="top"></td><td class="listItem">For more information about staying safe on the Internet, customers can visit the Microsoft Security Home Page.
</td></tr><tr>http://www.microsoft.com/technet/securi
The person linked to wrote a fix for it -
The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here:
http://www.hexblog.com/security/files/w
Once MS get around to a proper fix can you post about that too. Thanks.
thanks for the heads up scotto!