I haven’t checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure)….
The “unregister workaround” is the best at this point because it will prevent ANY file extension image being used to trigger the exploit. It is possible for other image types to be used.
1. Click Start, click Run, type “regsvr32 -u %windir%system32shimgvw.dll”
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
Related PostsRelated Posts
- WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
- WMF 0-day exploit There seems to be a 0-day exploit involving WMF (Windows Meta File's) according to SANS. Here's their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. It's......
- Workaround for the critical WMF zero-day exploit The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best......
- Toms Takes Colonial in Surprise Victory Everyone was shocked by the win of David Toms over Charlie Wi. Even Toms was shocked enough to make the comment that he must be “dreaming”. He has not seen a victory in five years and was afraid that he would not see another one. He was definitely not expected......
- FAQ about computer security Q: The virus blocked the registry access and how to get rid of it?A: You can deal with like this: 1. Click on Start -> Run (or Start Search in Windows Vista). 2. Enter GPEdit.msc and then press Enter. 3. Navigate to the following location: User Configuration -> Administrative Templates......
- WordPress Plugins These Wordpress plugins are offered by the Blog Traffic Exchange. Enjoy Related Websites / Related Posts Cloud based multi-site related posts plugin. Traffic balancing algorithm to ensure equality based on traffic. Randomization to spread the effect. New traffic opportunities every 24 hours. Increase your traffic today, join the Blog Traffic......
- WMF 0-day update
- Microsoft releases patch early for WMF exploit
- Workaround for the critical WMF zero-day exploit
- Workaround for zeroday WMF exploit
- WMF exploit situation summary…