Please read (new vulnerability in Windows found, go figure)

Started by Vekseid, December 30, 2005, 08:25:40 AM

Vekseid

Those of you running Windows XP, or any related operating system, ought to take heed.  A new vulnerability has been found in Windows and it's already spreading spyware and worse like mad.

Essentially it exploits a vulnerability in the .wmf file parsing in Windows. Internet Explorer and Outlook automatically execute commands in these 'picture' files - but they are a lot more than that. Merely visiting a page in Internet Explorer, seeing an e-mail in Outlook or actively viewing images through Thunderbird, or actively downloading and playing them in Firefox or Opera can trigger the vulnerability.

A current fix is to disable the rendering of wmf files, via the following instructions:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click OK when the change dialog appears.

This may cause some other troubles with some thumbnail-viewing applications, since it is a disabled feature.

Once Microsoft releases a patch, you can re-enable it by replacing step 3 above with the following instead:
regsvr32 shimgvw.dll

Zakharra


Lilac

He's referring to this:

http://isc.sans.org//diary.php?storyid=972

It is a serious issue, especially with the kinds of sites that many people here no doubt visit.