Microsoft WMF Vulnerability
There's a rather nasty Windows hole called the WMF vulnerability. It's bad since the hole works on all versions of Windows and you can get infect by just looking at a web site or an e-mail. IE is worse than Firefox but you can get it through Firefox as well (but at least it brings up a dialog first). There are exploits already on the web, you are not safe. Remember, you don't have to click on anything and can still get the virus. In fact, if you use outlook and have the message preview open can get it through you e-mail even when you are not at the machine - ouch.
The easy way to remove the vulnerability (besides installing Ubuntu Linux) is to go Start Menu|Run... and type
regsvr32 /u shimgvw.dll
You won't be able to see thumbnails anymore, but that's a small price to pay. It's not a perfect cure since another program could just re-register the dll. Currently, there's no anti-virus company that blocks this exploit and Microsoft doesn't have a patch yet.
See also:
The easy way to remove the vulnerability (besides installing Ubuntu Linux) is to go Start Menu|Run... and type
regsvr32 /u shimgvw.dll
You won't be able to see thumbnails anymore, but that's a small price to pay. It's not a perfect cure since another program could just re-register the dll. Currently, there's no anti-virus company that blocks this exploit and Microsoft doesn't have a patch yet.
See also:
- MS Security Advisory (912840)
- Lots of bad advice for critical WMF.
- WMF vulnerability from the Analyst's Diary.
- SANS Handler's Diary and FAQ.
Comments