Update on the WMF exploit – more sites to block



I haven’t checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure)….

toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz


The “unregister workaround” is the best at this point because it will prevent ANY file extension image being used to trigger the exploit. It is possible for other image types to be used.

1. Click Start, click Run, type “regsvr32 -u %windir%system32shimgvw.dll”
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

From… f-secure reporting on MS security advisory.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF 0-day exploit There seems to be a 0-day exploit involving WMF (Windows Meta File's) according to SANS. Here's their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. It's......
  • Epson Perfection 1650 scanner and Windows XP Limited User account "We tried scanning and all that happened was the lamp moved back and forth.... Nothing else happened." That was the description I had and the request to see why the scanner was broken. It hadn't been long since the Epson scanner had been hooked up to a new XP Pro......
  • Workaround for the critical WMF zero-day exploit The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best......
Blog Traffic Exchange Related Websites
  • What is Patch Tuesday? Excellent explanation of Patch Tuesday by TMI Engineering Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. Starting with Windows 98, Microsoft included a "Windows Update" system, that would check for patches to Windows and its components which Microsoft would release intermittently. With......
  • Toms Takes Colonial in Surprise Victory Everyone was shocked by the win of David Toms over Charlie Wi. Even Toms was shocked enough to make the comment that he must be “dreaming”. He has not seen a victory in five years and was afraid that he would not see another one. He was definitely not expected......
  • 7 Tips for Printing Web Pages Printing web pages is very useful for many people. Business owners might need to print web orders or invoices. Online shoppers may print the confirmation page for a recent order. Also, people who pay bills online may print pages for their records. Whatever the reason, printing web pages can be......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site