By: |
On 28 of December a severe Windows security flaw, WMF Flaw, was detected, in all Windows versions from Win98 to WinXP, no fixing patch exists yet. Using it, anyone can do any malicious action with your computer, steal or even erase your data. This article will help you understand what it is and how YOU can fix it until Microsoft releases a patch. By Washington Post: "Computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane [...] even if users did not click on anything or open any files." "Microsoft said in a statement yesterday that it is investigating the vulnerability and plans to issue a software patch to fix the problem. The company could not say how soon that patch would be available." severe it is: "This vulnerability can be used to install any type of malicious code, not just Trojans and spyware, but also worms, bots or viruses that can cause irreparable damage to computers," said Luis Corrons of Panda Software. In a security advisory posted on its Web site, Microsoft confirmed the vulnerability and the associated release of exploit code that could compromise PCs, and listed the operating systems at risk. support expert comments on the situation, advising a cure: "The vulnerability is in the Microsoft Windows Graphics Rendering Engine, that is why the exploit affects Windows versions from Win98 to WinXP. Unlike other security vulnerabilities, this one allows a _data file_ to execute arbitrary code upon it being viewed. In other words, a (picture) data file can contain executable code to "help" Windows display it, and Windows will execute it unquestionably. Your computer can be infected whenever Windows uses its default image viewer to display certain image types. This means there is a long list of applications that are vulnerable that rely upon the image viewer code. Windows uses this code when previewing images, for example. What YOU can do right NOW, to secure your computer until a patch from Microsoft is released: Go to Start > Run, paste there the following line: regsvr32 /u shimgvw.dll and press OK. If everything goes right, you'll see the following message: "DllUnregisterServer in shimgvw.dll succeeded. "It will disable the problematic dll, forcing all other programs to use their own engines, if exist. Keep in mind that this will disable thumbnail previews in Windows Explorer. One may experience problems with opening any image file after unregistering this dll. (To reactivate this feature: Start > Run > regsvr32 shimgvw.dll)We will send another update, when the patch from Microsoft is released, with instructions how to apply the patch and re-activate the feature. "And another important thing: since this is such a serious flaw, you may start getting phishing emails pretending to originate at Microsoft, urging you to do something with your computer, apply some "patches". Don't do it. Find the true information at microsoft.com or wait for the links at microsoft.com we'll publish later.
|
Security | ||||||||||||||||||||||||||||||||||||||||
|
|