Microsoft Confirms WMF Vulnerability
On December 31st, a new and improved version of the WMF exploit had been published. The new exploit generated WMF files that were different enough to bypass nearly all Anti-Virus and IDS signatures. (Meaning your antivirus program will not detect the virus) Different methods of distributing the virus, such as e-mails and instant messenger chats have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.
Microsoft has confirmed the REGSVR32 workaround as a viable solution to protect your PC until they have had time to fully research the vulnerability and issue a patch. The following is a quote from the Microsoft Security Advisory.
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type " regsvr32 -u %windir%/system32/shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
|