computerguy
01-03-2006, 01:36 PM
Hey all...
Yeah, I know... what's new. Windows has ANOTHER hole in it...
Well, this one is pretty critical. It was discovered on Thursday last week I believe, and we've (us geeks) been talking about it since.
There's a vulnerability in the way Windows renders images. The exploit is publicly available, and any trojan/virus/spyware writer can get their hands on it to infect your system just by you viewing a web page or email with an infected image...
There is no patch yet. It's causing quite a storm in the computer security circles... it's a zero day exploit that is being discovered as more serious each day.
Anyway, I just wanted to write a note to warn you all.. be careful with your surfing out there... (switch to Firefox... although this exploit can get through older versions of Firefox too... and even 1.5 if you click the right choice when Firefox prompts you about the image)... and for your own sake, turn off the preview pane in your email... you know, the little box underneath your messages that lets you click a message and read it in the window below....
Right now, there's only a couple things that you can do to limit your vulnerability to the exploit.
Warning: Geek speak ahead
First, unregister SHIMGVW.DLL
This is your best workaround for the time being (realizing that nothing is perfect). As CERT says, “Remapping handling of Windows Metafiles to open a program other than the default Windows Picture and Fax Viewer (SHIMGVW.DLL) may prevent exploitation via some current attack vectors. However, this may still allow the underlying vulnerability to be exploited via other known attack vectors.”
To do this...
From the command prompt, type
REGSVR32 /U SHIMGVW.DLL
A reboot is recommended. (It works post reboot as well. It is a permanent workaround).
This effectively disables your ability to view images using the Windows picture and fax viewer via IE.
However, it is not the most elegant fix. You’re probably going to have all kinds of problems viewing images.
But, no biggie: Once the exploit is patched, you can simply type “REGSVR32 SHIMGVW.DLL” to bring back the functionality.
And, it is a preventative measure. If you are already infected, it will not help.
Works for IE, should work fine for Firefox users as well.
Secondly, for those using Win 2000/XP there is an unofficial hotfix patch available that seems to be helping.... Read information on that fix here:
http://sunbeltblog.blogspot.com/2006/01/wmf-update.html
Normally I wouldn't post something like this on this type of forum, but thought it was a good idea to warn y'all...
Regards,
Dusty
Edit: Typo
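
An added example, not part of the post above: a small Python sketch that inventories which files in a download folder or mail spool are Windows Metafiles (the format named in the CERT quote), judged by file header rather than by file name. The file names and sample bytes are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7               # magic of the 22-byte "placeable" pre-header
METAHEADER = struct.Struct("<HHHIHIH")   # 18-byte standard WMF header

def classify_wmf(data: bytes):
    """Return 'placeable', 'standard' or None for the leading bytes of a file."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return "placeable"
    if len(data) < METAHEADER.size:
        return None
    mt_type, hdr_words, version, *_ = METAHEADER.unpack_from(data)
    # type 1 = in memory, 2 = on disk; header is always 9 words; version 1.0 or 3.0
    if mt_type in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
        return "standard"
    return None

def scan(named_blobs):
    """Return (name, kind, disguised) for every blob that is a metafile by content."""
    hits = []
    for name, data in named_blobs:
        kind = classify_wmf(data)
        if kind:
            # disguised = metafile content under an extension other than .wmf
            disguised = os.path.splitext(name)[1].lower() != ".wmf"
            hits.append((name, kind, disguised))
    return hits

def scan_tree(root):
    """Same check over a directory tree, reading only the first 32 bytes per file."""
    def blobs():
        for folder, _dirs, files in os.walk(root):
            for f in files:
                path = os.path.join(folder, f)
                try:
                    with open(path, "rb") as fh:
                        yield path, fh.read(32)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
    return scan(blobs())

# Constructed samples: a minimal metafile (header + end record), the same with a
# placeable pre-header (checksum left 0, not validated here), a JPEG stub, text.
_std = METAHEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
_placeable = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0) + _std
SAMPLES = [("chart.wmf", _std), ("photo.jpg", _placeable),
           ("holiday.jpg", b"\xff\xd8\xff\xe0" + bytes(28)), ("note.txt", b"hello")]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

`scan_tree(r"C:\path\to\folder")` applies the same check to real files; a hit only means the file is a metafile, not that it is malicious.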