Forum Index  »  Geek Chat  »  New IM Worm Exploiting WMF Vulnerability
 Post new topic   Reply to topic
Page 1 of 1    

New IM Worm Exploiting WMF Vulnerability

Author Message
Posted: Jan 03, 2006 11:25 am Reply with quote
大好きだよ。 大好きだよ。
Joined: 08 Jul 2005 Posts: 206 Location: Malaysia
A new Instant Messaging worm exploiting unpatched Windows Metafile vulnerability. This worm is using MSN to spread.

Microsoft Security Article

Solutions from Microsoft as in the link:
    Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

    Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

    Note: The following steps require Administrative privileges. It is recommended that the machine be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround. However, the recommendation is to restart the machine.

    To un-register Shimgvw.dll, follow these steps:
    • Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
    • A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

    Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

    To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

This video is from a trusted site. It will show how the worm behave.

Microsoft aim to release a patch on 10 of January.

Edited: If you dont like to read, here's the sum.

There is a WMF exploit amd if you're using any Microsoft OS there's a chance you might infected it (Windows XP and 2003 are easily exploitable). Yes you might get it by just surfing the internet with IE or downloading some images. So please disable the Image Ready and Fax VIewer by typing this in your cmd i.e. Run.. in start menu (shortcut: Win+R).

regsvr32 /u shimgvw.dll

To undo the fix, run this (not recommended until Microsoft patch this problem):

regsvr32 shimgvw.dll

This is a temp fix by microsoft.

You may also visit this site for more info.

Lastly, please do not click any images link in MSN by anyone including me.
Posted: Jan 03, 2006 2:27 pm Reply with quote
羽ありたまご 羽ありたまご
Joined: 13 Apr 2005 Posts: 2094 Location: Canada
Thanks for the heads up, townbaby. Your original posting is a little too long for anyone to have the interest to read and get information out of it so I kinda edited your post to convey only the most important message.

For anyone who read this topic, do follow the instruction listed above because it's a Windows fundamental flaw, and your system WILL be infected if no precaution is taken. So unregister your shimgvw.dll right now and wait for Microsoft to issue a patch.

Here's a link to Slashdot story: New IM Worm Exploiting WMF Vulnerability
Posted: Jan 03, 2006 2:51 pm Reply with quote
ハイパーガル ハイパーガル
Joined: 21 May 2005 Posts: 641 Location: USA
Thanks for telling us about it! I followed the steps and whatnot, yay!!! *dances* Muahaha, no stinkin' worm is gonna get into MY computer. *patpatpat* Whee...
Posted: Jan 03, 2006 9:44 pm Reply with quote
金魚花火 金魚花火
Joined: 12 Jul 2005 Posts: 153 Location: Paris
blah, when we're talking about computer I'm a noob Sneeze I'll wait for the patch on the 1Oth january.
Posted: Jan 06, 2006 3:34 am Reply with quote
大好きだよ。 大好きだよ。
Joined: 08 Jul 2005 Posts: 206 Location: Malaysia
Microsoft just release security update for WMF vulnerability.

click here

Make sure you undo the fix before applying the update.
Posted: Jan 06, 2006 7:58 am Reply with quote
Planetarium Planetarium
Joined: 11 Nov 2005 Posts: 655 Location: Finrando
Thanks for posting that/and the information etc out townbaby, ^^^^
now i know what to do, these things can be pain in the head sometimes Giggle Smile
Posted: Jan 08, 2006 11:21 am Reply with quote
大好きだよ。 大好きだよ。
Joined: 05 May 2005 Posts: 210 Location: Beyond reality.
LOL, i knew something like this would happen soon. Mircosoft has had probelms in the pass and it was bound to happen again. The last time it was something like windows xp had security issues which allows hackers to get in or something. I hope that they have a safer MSN messaging system next time.
Post new topic   Reply to topic
Page 1 of 1    
All times are GMT - 5 Hours
The time now is Jul 17, 2019 2:31 am
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum