Friend just emailed me this and he works with computers all day.
Take the following 3 steps:
1. Unregister shimgvw.dll:
Click Start, click Run, type "regsvr32 -u %windir%/system32/shimgvw.dll" (without the quotation marks), and then click OK.
2. Use the unofficial patch:
http://www.hexblog.com/security/files/wmffix_hexblog13.exe
3. Uninstall Google Desktop (if installed).
WMF exploit will only get worse
Released on December 28th, the Windows .WMF exploit has been a nasty one, and according to the SANS Internet Storm Center, things will only get worse.
On December 31st, a new and improved version of the WMF exploit had been published. The new exploit generated WMF files that were different enough to bypass nearly all Anti-Virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.
"I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad." Stated Tom Liston in the SANS Internet Storm Center Diary.
SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect aginst the virus, until Microsoft can release an official patch. A virus scanner isn't enough to protect against some of the more advanced variants of the exploit.
"The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th." Said Liston in the diary.
View: SANS Internet Storm Center article
View: F-Secure Weblog
View: Microsoft Security advisory for the exploit
View: Unofficial patch sit
Take the following 3 steps:
1. Unregister shimgvw.dll:
Click Start, click Run, type "regsvr32 -u %windir%/system32/shimgvw.dll" (without the quotation marks), and then click OK.
2. Use the unofficial patch:
http://www.hexblog.com/security/files/wmffix_hexblog13.exe
3. Uninstall Google Desktop (if installed).
WMF exploit will only get worse
Released on December 28th, the Windows .WMF exploit has been a nasty one, and according to the SANS Internet Storm Center, things will only get worse.
On December 31st, a new and improved version of the WMF exploit had been published. The new exploit generated WMF files that were different enough to bypass nearly all Anti-Virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.
"I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad." Stated Tom Liston in the SANS Internet Storm Center Diary.
SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect aginst the virus, until Microsoft can release an official patch. A virus scanner isn't enough to protect against some of the more advanced variants of the exploit.
"The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th." Said Liston in the diary.
View: SANS Internet Storm Center article
View: F-Secure Weblog
View: Microsoft Security advisory for the exploit
View: Unofficial patch sit
