Workaround for zeroday WMF exploit



It’s worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that WITHOUT user intervention a system can be remotely exploited and through that exploit various software (spyware, viruses, other malware) can be installed. There is no patch at this moment, I don’t know of my AV vendors that detect it (f-prot seems to according to their blog posts.) There is a workaround TO PREVENT INFECTION. If the system is already infected, reinstallation may be the only solution.


The workaround is posted various places, including the Sunbelt blog and basically disables the Windows picture and fax viewer. To workaround

From the command prompt, type REGSVR32 /U SHIMGVW.DLL.

The above can be copied/pasted directly into Start…Run…

This will also impact your ability to preview some images natively within windows. It’s a fair tradeoff to secure the system against this exploit. You DON’T want it and all the baggage it brings. It sounds like it’s already been bundled into metasploit. (An exploit detection program that has good uses or bad uses… Security auditing/vulnerability exploiting can be a fine line.)

It sounds as though the number of sites utilizing this are multiplying quickly. Webmail junk messages (and probably html formatted emails in traditional mail clients may also be a vector of attack.)

Related Posts

Blog Traffic Exchange Related Posts
  • Internet based filesystem with no transfer fees I thought this was a great idea.... rsync.net Okay for 2$ per GB of storage per month (or $24 per year for 1GB of storage) you can have your very own secure online storage drive. For you windows users think of a G: drive or a Z: drive that you......
  • Workaround for the critical WMF zero-day exploit The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best......
  • Lack of working exploit does not mean Windows 98 is safe I want to try to clarify a point. I've spent a couple days trying to get current exploits to work on a Windows 98 SE virtual machine. Not to prove that Windows 98 is safe, but to determine if current exploits affect Windows 98. Yesterday evening there were apocalyptic headlines......
Blog Traffic Exchange Related Websites
  • Joining a Blog Carnival Joining a blog carnival is capable of allowing you to improve your blog. Have you ever heard of what a blog carnival is all about? Let us go into what it takes for you to join a blog carnival including what the benefits are for participating in a blog carnival.......
  • The Opposite of Successful Blogging There is an opposite to successful blogging, which is blogging that drives your readers in the wrong direction. Take a look at this list of things that you can do to drive readers away so that you will have a better understanding of what you need to do in order......
  • Automated Blogging - Before Starting You Might Want To Know... Automated Blogging - Can You Really Earn Crazy Amounts Of Money? [/caption] This is a topic that I wanted to open up to discussion mainly because I have messed around with automated blogging in a couple of different niches and really am wondering: If there are people out there getting......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site