Strategies & Market Trends : Mish's Global Economic Trend Analysis

To: mishedlo who wrote (43777)
From: regli
1/3/2006 12:48:45 PM
 
For those with concerns regarding the Windows WMF vulnerability, check out if your antivirus program can handle it. I also included the quick section at the end to ultimately secure your system should you so choose. Note that it will largely disable built-in picture and fax viewers.

Anti-Virus Protection for WMF Flaw Still Inconsistent

eweek.com

By Larry Seltzer
December 31, 2005

Days after the revelation of a flaw in Windows' handling of WMF graphics files, dozens of exploits are being spread from thousands of adware sites. But good protection is available.

At the same time, further testing confirms that a workaround issued by third parties and endorsed by Microsoft Corp. is effective in most regards, and in the most important circumstances, but not in all. Also, the workaround has side effects that could prove troublesome.

AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. Products from the following companies have identified all 73:

Alwil Software (Avast)
Softwin (BitDefender)
ClamAV
F-Secure Inc.
Fortinet Inc.
McAfee Inc.
ESET (Nod32)
Panda Software
Sophos Plc
Symantec Corp.
Trend Micro Inc.
VirusBuster

These products detected fewer variants:

62 — eTrust-VET
62 — QuickHeal
61 — AntiVir
61 — Dr Web
61 — Kaspersky
60 — AVG
19 — Command
19 — F-Prot
11 — Ewido
7 — eSafe
7 — eTrust-INO
6 — Ikarus
6 — VBA32
0 — Norman

...

The effective fix de-registers a DLL from the system relied on by the Windows Picture and Fax Viewer program. To effect the change, click Start, then Run, then enter the following command:

regsvr32 /u %windir%\system32\shimgvw.dll

To re-enable the same DLL, click Start, then Run, then enter the following command:

regsvr32 %windir%\system32\shimgvw.dll

This fix prevents exploitation when a WMF file is loaded from Windows Explorer or Internet Explorer.

...