| Forum Index » Geek Chat » New IM Worm Exploiting WMF Vulnerability |
|
Page 1 of 1 |
|
| Author |
Message |
| townbaby |
 Posted: Jan 03, 2006 11:25 am |
 |
|
大好きだよ。
Joined: 08 Jul 2005
Posts: 206
Location: Malaysia
|
A new Instant Messaging worm exploiting unpatched Windows Metafile vulnerability. This worm is using MSN to spread.
Microsoft Security Article
Solutions from Microsoft as in the link:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Note: The following steps require Administrative privileges. It is recommended that the machine be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround. However, the recommendation is to restart the machine.
To un-register Shimgvw.dll, follow these steps:
- Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
- A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
This video is from a trusted site. It will show how the worm behave.
http://www.websensesecuritylabs.com/images/alerts/wmf-movie.wmv
Microsoft aim to release a patch on 10 of January.
Edited: If you dont like to read, here's the sum.
There is a WMF exploit amd if you're using any Microsoft OS there's a chance you might infected it (Windows XP and 2003 are easily exploitable). Yes you might get it by just surfing the internet with IE or downloading some images. So please disable the Image Ready and Fax VIewer by typing this in your cmd i.e. Run.. in start menu (shortcut: Win+R).
Code: regsvr32 /u shimgvw.dll
To undo the fix, run this (not recommended until Microsoft patch this problem):
Code: regsvr32 shimgvw.dll
This is a temp fix by microsoft.
You may also visit this site for more info.
Lastly, please do not click any images link in MSN by anyone including me. |
|
|
 |
|
| eyn |
| Posted: Jan 03, 2006 2:27 pm |
|
|
羽ありたまご
Joined: 13 Apr 2005
Posts: 2082
Location: Canada
|
Thanks for the heads up, townbaby. Your original posting is a little too long for anyone to have the interest to read and get information out of it so I kinda edited your post to convey only the most important message.
For anyone who read this topic, do follow the instruction listed above because it's a Windows fundamental flaw, and your system WILL be infected if no precaution is taken. So unregister your shimgvw.dll right now and wait for Microsoft to issue a patch.
Here's a link to Slashdot story: New IM Worm Exploiting WMF Vulnerability |
|
|
|
|
| Lainay |
| Posted: Jan 03, 2006 2:51 pm |
|
|
ハイパーガル
Joined: 21 May 2005
Posts: 641
Location: USA
|
| Thanks for telling us about it! I followed the steps and whatnot, yay!!! *dances* Muahaha, no stinkin' worm is gonna get into MY computer. *patpatpat* Whee... |
|
|
|
|
| teufelinou |
| Posted: Jan 03, 2006 9:44 pm |
|
|
金魚花火
Joined: 12 Jul 2005
Posts: 153
Location: Paris
|
blah, when we're talking about computer I'm a noob  I'll wait for the patch on the 1Oth january. |
|
|
|
|
| townbaby |
| Posted: Jan 06, 2006 3:34 am |
|
|
大好きだよ。
Joined: 08 Jul 2005
Posts: 206
Location: Malaysia
|
Microsoft just release security update for WMF vulnerability.
click here
Make sure you undo the fix before applying the update. |
|
|
|
|
| kawai-no |
| Posted: Jan 06, 2006 7:58 am |
|
|
Planetarium
Joined: 11 Nov 2005
Posts: 655
Location: Finrando
|
Thanks for posting that/and the information etc out townbaby, ^^^^
now i know what to do, these things can be pain in the head sometimes   |
|
|
|
|
| usopp |
| Posted: Jan 08, 2006 11:21 am |
|
|
大好きだよ。
Joined: 05 May 2005
Posts: 210
Location: Beyond reality.
|
| LOL, i knew something like this would happen soon. Mircosoft has had probelms in the pass and it was bound to happen again. The last time it was something like windows xp had security issues which allows hackers to get in or something. I hope that they have a safer MSN messaging system next time. |
|
|
|
|
|
