Classic tech archive.
From the original averyjparker.com tech blog — historical context; pair with modern guides where noted.
Full archive · Maker projects ·
Network Ninja
Classic tip · Classic
Workaround for the critical WMF zero-day exploit
The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious ema…
The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage...
There's also a good deal over at The security fix. There is reported a workaround to immunize a system against the attack....
1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.
iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.They are now reporting the exploit on thousands of web sites installing bogus anti-spyware software (prompting for credit card information to clean up the infection.) It also installs a mail server and starts sending out SPAM. Be cautious and hope for a fix from Microsoft SOON. Given that we're in between Christmas and New Year's web traffic seems to be higher, home machines may be getting hammered by this.