Workaround for the critical WMF zero-day exploit



The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage…


There’s also a good deal over at The security fix. There is reported a workaround to immunize a system against the attack….

1. Click on the Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.

They are now reporting the exploit on thousands of web sites installing bogus anti-spyware software (prompting for credit card information to clean up the infection.) It also installs a mail server and starts sending out SPAM.

Be cautious and hope for a fix from Microsoft SOON. Given that we’re in between Christmas and New Year’s web traffic seems to be higher, home machines may be getting hammered by this.

Related Posts

Blog Traffic Exchange Related Posts
  • NEW exploit for the WMF vulnerability Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it's worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was "made by the......
  • Lotus Notes WMF vulnerability This is really the same zero-day wmf vulnerability, but there is a twist. It's been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that's making the rounds. Probably not surprising given that there are reports of many vectors of attack, not......
  • Update on the WMF exploit - more sites to block I haven't checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure).... toolbarbiz[dot]biz toolbarsite[dot]biz toolbartraff[dot]biz toolbarurl[dot]biz buytoolbar[dot]biz buytraff[dot]biz iframebiz[dot]biz iframecash[dot]biz iframesite[dot]biz iframetraff[dot]biz iframeurl[dot]biz The "unregister workaround" is the best at this point because it......
Blog Traffic Exchange Related Websites
  • Homegrown Jihad Haulted by NYPD & FBI... Don't Sleep... Sunday Paper - May 24th, 2009 While the Department of Homeland Security is fast at work issuing reports on Rightwing Extremists (which are later retracted due to public outrage) and cutting funding to New York City's urban security funds by 40% , four Muslim men from Newburgh, NY (three who are U.S. citizens) were......
  • Warning: Visiting This Site May Harm Your Computer Removal So you've just noticed that when you search for your website in Google, along with your standard listing you also have a message which reads "Warning Visiting This Site May Harm Your Computer". This article is all about *why* this warning appears, how to correct any issues with your......
  • Is Intivar A Scam? Things To Know Intivar is a brand new rejuvenating gel solely designed for women and guarantees to obtain the ultimate enjoyment in sexual encounters. Is Intivar a scam? In fact, this is the solitary item that has obtained a bombarding acknowledgment among women, no matter age. The internet marketplace may encompass a huge......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site