WMF Exploit: Temporary Patch Available!

A temporary WMF Exploit patch is available. Started reading about it on Steve Gibson's site:

Security Now
http://www.grc.com/sn/notes-020.htm ​

More about this WMF Patch can be found on the author's site (Ilfak Guilfanov):

Windows WMF Metafile Vulnerability HotFix
http://www.hexblog.com/2005/12/wmf_vuln.html ​

Ilfak has also written a little utility named:

WMF Vulnerability Checker
http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html ​

Tip: For those of you that have used the CMD:

regsvr32 -u shimgvw.dll​

you can now run the CMD:

regsvr32 shimgvw.dll​

to restore the "Thumbnail" view in Windows Explorer and Window's Image and FAX viewer.

 

You're Welcome.

Been afraid to 'surf the net' for a week.

 

Hi SpywareDr,

Thanks, much better solution than the other work arounds.

You forgot one thread
http://www.windowsbbs.com/showthread.php?t=50569

Regards - Charles

 

At the moment http://www.hexblog.com/2005/12/wmf_vuln.html is unavailable i wonder if it is due to a lot of webb traffic ?

Would disabling all the items in in Internet Explorers Tools/Internet Options/Advanced/Multimedia section help ?

 

FWIW--MS Security Bulletin says they have a fix, but are still testing it. Should be available Jan. 10.
http://www.microsoft.com/technet/security/advisory/912840.mspx

 

Hi alboy,

Would disabling all the items in in Internet Explorers Tools/Internet Options/Advanced/Multimedia section help ?
I don't know, but if you do try this, make sure you can undo these settings, either by a manual SR point or drive imaging or take a "picture" of the before settings.

I can't get to the site either right now and yes, the traffic must heavy.

If you're using one of the major AV's, they have updated their defs for this.

Forgive me, but you're sounding panic driven, could cause more damage then the threat.

Regards - Charles

 

This site seems still accessible for Ilfak's fix.
http://www.grc.com/sn/notes-020.htm
See the Green Box.
Interestingly the fix has a different number than yesterday's version (#14 now).

 

charlesvar
I am not panic driven just asking if a few simple setting changes might help.

the latest message on the site reads

Account for domain hexblog.com has been suspended

But it's good news is that GRC.com is offering the downloads from it's site

 

I am not panic driven just asking if a few simple setting changes might help.
I stand corrected, apologies.

Regards - Charles

 

FWIW, both the Internet Storm Center and F-Secure have endorsed Ilfak Guilfanov's unofficial patch (posted above).

MSNBC: Windows PCs face 'huge' virus threat
http://msnbc.msn.com/id/10684853/

 

No problem Charles, installed the patch and everything seems okay
all the best for 2006

alboy

 

Thanks Pete and Steve - guess MS didn't want to wait another 5 days

Regards - Charles