scottobear: (Not Safe!)
[personal profile] scottobear

http://www.hexblog.com/2005/12/wmf_vuln.html

possibly the worst Windows hole ever, affects all versions, and spreading fast; install this now, as even viewing an image can infect you. - via [livejournal.com profile] waxy_org

Not a hoax.

Date: 2006-01-03 01:12 am (UTC)
From: [identity profile] i.livejournal.com
why would i install a "patch" for windows that wasn't released by microsoft??????

Date: 2006-01-03 01:24 am (UTC)
From: [identity profile] scottobear.livejournal.com
Here is Microsoft's manual way of fixing things -

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Note: The following steps require Administrative privileges. It is recommended that the machine be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround. However, the recommendation is to restart the machine.

To un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with regsvr32 %windir%\system32\shimgvw.dll (without the quotation marks).

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

Customers in the U.S. and Canada who believe they may have been affected by this possible vulnerability can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support that is associated with security update issues or viruses. International customers can receive support by using any of the methods that are listed at Security Help and Support for Home Users Web site.

All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about security updates, visit the Microsoft Security Web site.

Protect Your PC

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing anti-virus software. Customers can learn more about these steps by visiting Protect Your PC Web site.

For more information about staying safe on the Internet, customers can visit the Microsoft Security Home Page.

Date: 2006-01-03 01:23 am (UTC)
From: [identity profile] scottobear.livejournal.com
Well, it's your call, of course. I trust this site and programmer, and the exploit is real, with a description of how the exploit works and what it does.

http://www.microsoft.com/technet/security/advisory/912840.mspx

(deleted comment)

Date: 2006-01-03 02:05 am (UTC)
From: [identity profile] scottobear.livejournal.com
cheers! please read how to remove it, too, should you need to do so, later on!
(deleted comment)

Date: 2006-01-03 02:27 am (UTC)
From: [identity profile] scottobear.livejournal.com
groovy! I did the same thing. :D

Date: 2006-01-03 03:11 am (UTC)
From: [identity profile] weezeroni.livejournal.com
What's a hole, and what does it exploit and how panicked should I be??? Small words and slowly, ok Scotto? And this patch is safe to install? I trust you over AOL. Actually over lots of people. And entities. Now that I think about it :)

Date: 2006-01-03 03:17 am (UTC)
From: [identity profile] scottobear.livejournal.com
Well, the basic story is this - A security issue with all Windows operating systems allows a picture, a video file or the like to run a program that can do mean things to your machine.

The person linked to wrote a fix for it -

The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here:

http://www.hexblog.com/security/files/wmffix_hexblog14.exe

Date: 2006-01-03 03:27 am (UTC)
From: [identity profile] weezeroni.livejournal.com
I don't want mean stuff. I hate mean stuff. Besides, my brother has informed me that, in technical terms, my computer is already "infested with evil." I will install it. Thank you Pumpkin!

Date: 2006-01-03 03:28 am (UTC)
From: [identity profile] scottobear.livejournal.com
uhoh... well, has your bro helped put any anti-virus or anti-spyware on your system?

Date: 2006-01-03 03:30 am (UTC)
From: [identity profile] weezeroni.livejournal.com
Yes, and cleaners. Although at this point, it has been agreed by all the manly computer persons in my life that the best solution would be to wipe the whole thing clean and reinstall hopefully uncorrupted stuff. Clean slate.

Date: 2006-01-03 03:17 am (UTC)
From: [identity profile] scottobear.livejournal.com
the patch seems safe to install - I've had it running for about 12 hours now.

Date: 2006-01-03 03:25 am (UTC)
From: [identity profile] weezeroni.livejournal.com
And it hasn't hampered anything?

Date: 2006-01-03 03:27 am (UTC)
From: [identity profile] scottobear.livejournal.com
nope! if you need to remove it for anything, there are instructions on the site, too.

Date: 2006-01-03 03:29 am (UTC)
From: [identity profile] scottobear.livejournal.com
happy to help!

Date: 2006-01-03 03:12 am (UTC)
From: [identity profile] eryx-uk.livejournal.com
Thanks for the heads up. Installed.

Once MS get around to a proper fix can you post about that too. Thanks.

Date: 2006-01-03 03:18 am (UTC)
From: [identity profile] scottobear.livejournal.com
absolutely... hopefully, they'll issue a security release within the next few days.

Date: 2006-01-03 05:05 am (UTC)
rejectomorph: (dolce_helicopter)
From: [personal profile] rejectomorph
All patched. Thanks. I'll pass this along.

patch

Date: 2006-01-03 02:34 pm (UTC)
From: [identity profile] scottobear.livejournal.com
good deal! thanks for passing it along!

Date: 2006-01-03 08:25 am (UTC)
From: [identity profile] anony-moos.livejournal.com
thanks for this dude. I know naff all about computers, but going on the fact you told me to, I have downloaded it!

Date: 2006-01-03 11:11 am (UTC)
From: [identity profile] scottobear.livejournal.com
Hope I'm helping to keep you safe!

Date: 2006-01-03 01:01 pm (UTC)
From: [identity profile] oneeyedcat.livejournal.com
Hey!

thanks for the heads up scotto!

Date: 2006-01-03 02:32 pm (UTC)

Date: 2006-01-05 12:32 am (UTC)
From: [identity profile] phillykat.livejournal.com
thanks bud

Date: 2006-01-05 12:44 am (UTC)

thanks anyways, no go

Date: 2006-01-05 07:22 am (UTC)
From: [identity profile] peradouro.livejournal.com
Got the email but tiny brain puter has old haggard system I reckon. Prog downloaded but message said it wouldn't work with system. SO, I'll save it in my email til I get a real puterachine stead o this here borrowed laptop with mangled typeness. TY muchly.

Re: thanks anyways, no go

Date: 2006-01-05 11:15 am (UTC)
From: [identity profile] scottobear.livejournal.com
best of luck! just be careful where you surf this week!

Profile

scottobear: (Default)
scott von berg
