Workaround for zeroday WMF exploit



It’s worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that, WITHOUT user intervention, a system can be remotely exploited, and through that exploit various software (spyware, viruses, other malware) can be installed. There is no patch at this moment, and I don’t know of many AV vendors that detect it (F-Prot seems to, according to their blog posts.) There is a workaround TO PREVENT INFECTION. If the system is already infected, reinstallation may be the only solution.


The workaround is posted in various places, including the Sunbelt blog, and basically disables the Windows Picture and Fax Viewer. To apply the workaround:

From the command prompt, type REGSVR32 /U SHIMGVW.DLL.

The above can be copied/pasted directly into Start…Run…

This will also impact your ability to preview some images natively within Windows. It’s a fair tradeoff to secure the system against this exploit. You DON’T want it and all the baggage it brings. It sounds like it’s already been bundled into Metasploit. (An exploit detection program that has good uses or bad uses… security auditing and vulnerability exploiting can be a fine line.)
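Since the workaround has to be undone once a real patch ships, and since you may want to push it to more than one machine, here is a small batch script (an added example, not part of the original post or of any vendor guidance) that wraps the regsvr32 step with a disable, enable and status mode. It assumes the DLL lives at %SystemRoot%\system32\shimgvw.dll, that it is run with administrator rights, and that the local reg.exe supports the /f search switch (present on Windows Server 2003 and later; on an older XP reg.exe the status mode may fail even though disable/enable still work).

```batch
@echo off
rem wmf-workaround.cmd  (added example; hypothetical script, not from the post)
rem   wmf-workaround.cmd disable   unregister shimgvw.dll (the workaround)
rem   wmf-workaround.cmd enable    re-register it once a vendor patch is installed
rem   wmf-workaround.cmd status    report whether the DLL is still registered
rem Run from an account with administrator rights.

setlocal
set DLL=%SystemRoot%\system32\shimgvw.dll

if /i "%1"=="disable" goto disable
if /i "%1"=="enable"  goto enable
if /i "%1"=="status"  goto status
echo Usage: %~nx0 disable ^| enable ^| status
exit /b 2

:disable
rem /u = unregister, /s = silent (no message box) so it can run from a logon script
regsvr32 /u /s "%DLL%"
if errorlevel 1 (echo Unregister FAILED, errorlevel %errorlevel% & exit /b 1)
echo shimgvw.dll unregistered; Picture and Fax Viewer previews are now disabled.
exit /b 0

:enable
regsvr32 /s "%DLL%"
if errorlevel 1 (echo Re-register FAILED, errorlevel %errorlevel% & exit /b 1)
echo shimgvw.dll registered; image preview restored.
exit /b 0

:status
rem Registration consists of CLSID entries whose InprocServer32 data names the DLL.
rem Search the class registry for any value data mentioning shimgvw.dll;
rem reg.exe returns a non-zero errorlevel when nothing matches.
reg query HKCR\CLSID /s /f shimgvw.dll /d >nul 2>&1
if errorlevel 1 (
  echo shimgvw.dll is NOT registered - workaround is in place.
) else (
  echo shimgvw.dll is still registered - previews still go through the viewer.
)
exit /b 0
```

Run `wmf-workaround.cmd status` after applying the workaround to confirm it actually took (regsvr32 silently does nothing useful if run without the rights to write HKEY_CLASSES_ROOT), and keep the `enable` mode handy so the viewer comes back once the vendor patch is installed rather than staying disabled forever.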

It sounds as though the number of sites utilizing this is multiplying quickly. Webmail junk messages (and probably HTML-formatted emails in traditional mail clients) may also be a vector of attack.
