Update on the WMF exploit – more sites to block



I haven’t checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure)….

toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz


The “unregister workaround” is the best at this point because it will prevent ANY file extension image being used to trigger the exploit. It is possible for other image types to be used.

1. Click Start, click Run, type “regsvr32 -u %windir%system32shimgvw.dll”
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

From… f-secure reporting on MS security advisory.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • WMF 0-day exploit There seems to be a 0-day exploit involving WMF (Windows Meta File's) according to SANS. Here's their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. It's......
  • Workaround for the critical WMF zero-day exploit The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best......
Blog Traffic Exchange Related Websites
  • Toms Takes Colonial in Surprise Victory Everyone was shocked by the win of David Toms over Charlie Wi. Even Toms was shocked enough to make the comment that he must be “dreaming”. He has not seen a victory in five years and was afraid that he would not see another one. He was definitely not expected......
  • FAQ about computer security Q: The virus blocked the registry access and how to get rid of it?A: You can deal with like this: 1. Click on Start -> Run (or Start Search in Windows Vista). 2. Enter GPEdit.msc and then press Enter. 3. Navigate to the following location: User Configuration -> Administrative Templates......
  • WordPress Plugins These Wordpress plugins are offered by the Blog Traffic Exchange. Enjoy Related Websites / Related Posts Cloud based multi-site related posts plugin. Traffic balancing algorithm to ensure equality based on traffic. Randomization to spread the effect. New traffic opportunities every 24 hours. Increase your traffic today, join the Blog Traffic......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site