WMF 0-day update
Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…
The Security Fix is reporting that this affects more than just Windows XP and WIndows 2003… in fact it affects every version of Windows back to Windows 98. Additionally, it affects any image that relies on the WMF viewer library, which unfortunately extends BEYOND WMF files. Even specially crafted JPG’s and GIF’s appear to be possible culprits.
The upshot of all of this is the “vectors” to exploit this are many: specially crafted image file in a web page; html email; (even email attachment); embedded image in a document, etc. The first workaround is sounding to be the best (if inelegant), becuase it disables the use of the vulnerable library.
That first workaround was…
Start button on the taskbar.
2. Click on Run…
3. Type “regsvr32 /u shimgvw.dll” to disable.
4. Click ok when the change dialog appears.iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven’t had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command “regsvr32 shimgvw.dll” in step three above.
Popularity: 1% [?]
Related Posts - Version 2 of the WMF exploit vs Windows 98 SE Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for......
- Microsoft Security advisory on WMF exploit I've read the security advisory and unfortunately Microsoft doesn't give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft: 1)urges caution in opening email and links from untrusted sources, and 2) wants you to call them if you've been affected by this. (1-866-PCSAFETY) and 3) make......
- WMF 0-day exploit There seems to be a 0-day exploit involving WMF (Windows Meta File's) according to SANS. Here's their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. It's......
Related Websites - Stained Glass Windows Antiques -> Architectural and Garden -> Stained Glass Windows-> Pre-1900 Stained glass windows are more than just functional windows, they are works of art that can express exalted meanings or simply beautify a room. When you are shopping for antique stained glass, it’s important to understand the amount of time......
- Wordpress Backup Wordpress Backup is an essential plugin for all Wordpress blog administrators by the Blog Traffic Exchange. It performs regular backups of your upload (images) current theme, and plugin directories. Backup files are available for download and optionally emailed to a specified email. Don't get caught without a recent backup of......
- n00b guide to Facebook Privacy Want to protect your Facebook account's privacy? Here's a post to guide you to safeguard your privacy to the maximum. Note: This is a long post. Please wait while all the images load. It may take some time, depending on your net connection. Click on the thumbnails for a larger......
Similar Posts
- Workaround for the critical WMF zero-day exploit
- Update on the WMF exploit – more sites to block
- WMF exploit situation summary…
- Blackberry Security Hole
- Serious Symantec Antivirus Vulnerability