Workaround for the critical WMF zero-day exploit



The Windows Meta File (WMF) zero-day (0-day) exploit is apparently VERY nasty: no user intervention is required (unless running Firefox or Opera). Just VISITING a malicious site (or viewing a malicious email with an image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage…


There’s also a good deal over at The Security Fix. There is a reported workaround to immunize a system against the attack….

1. Click on the Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click OK when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.
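The same workaround as a script that also checks the result, for machines where PowerShell is available. This is an added example, not part of the original post; the function names are hypothetical, and it assumes that unregistering the DLL removes its InprocServer32 entries under HKEY_CLASSES_ROOT\CLSID.

```powershell
# Added example: apply the shimgvw.dll workaround and verify it.
# Run from an elevated prompt. Function names are hypothetical.
$Dll = Join-Path $env:SystemRoot 'System32\shimgvw.dll'

function Get-ShimgvwRegistration {
    # List COM classes whose in-process server is still shimgvw.dll.
    # Only the native registry view is checked; on 64-bit Windows,
    # 32-bit registrations live under HKCR\Wow6432Node\CLSID.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $sub = $_.OpenSubKey('InprocServer32')
            } catch {
                $sub = $null   # key not readable with current rights
            }
            if ($sub) {
                $server = [string]$sub.GetValue('')   # default value
                $sub.Close()
                if ($server -match 'shimgvw\.dll') {
                    [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
                }
            }
        }
}

function Set-WmfWorkaround {
    param([switch]$Undo)   # -Undo re-registers the DLL once a patch is installed
    # /u unregisters, /s suppresses the confirmation dialog.
    $regArgs = if ($Undo) { '/s', "`"$Dll`"" } else { '/u', '/s', "`"$Dll`"" }
    $proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $regArgs -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "regsvr32 failed with exit code $($proc.ExitCode)"
    }
}

Set-WmfWorkaround
$left = @(Get-ShimgvwRegistration)
if ($left.Count -eq 0) {
    'No COM class lists shimgvw.dll as its in-process server.'
} else {
    'shimgvw.dll is still registered for these classes:'
    $left | Format-Table -AutoSize
}
```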

They are now reporting that the exploit is on thousands of web sites, where it installs bogus anti-spyware software (which prompts for credit card information to clean up the infection). It also installs a mail server and starts sending out spam.

Be cautious and hope for a fix from Microsoft SOON. Given that we’re in between Christmas and New Year’s, when web traffic seems to be higher, home machines may be getting hammered by this.
