Thursday, December 29, 2005

Coming to a PC near you - an unpatched Windows flaw that exploits Windows Meta File (WMF files) - The zero-day exploit

It's time yet again to watch what emails you open, which sites you visit, and what IM's you click links on VERY carefully! A flaw in the way Windows XP and Windows 2003 Server OS handles Windows Meta File (WMF) files has been exploited, and it can affect your PC even if your copy of Windows XP is fully patches and you run up-to-date anti-virus. As of this writing, Microsoft has no patch ready to fix the flaw in Windows, and the exploit is rampant on thousands of malicious websites. Read more about it here.
There is a workaround available, thanks to Verisign's iDefense. I've copied the procedure (and the possible drawback) below.

According to iDefense, Windows users can disable the rendering of WMF files using the following hack:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.

Hope that helps you if you are worried about this - and I think you should be!

No comments: