ieXbeta Board: Sites Exploit Windows Image Flaw - ieXbeta Board


Sites Exploit Windows Image Flaw

#1 User is offline   Singh400 

  • Punjabi Shera
  • Group: Retired Crew
  • Posts: 6370
  • Joined: 24-June 04
  • Gender:Male
  • Location:Earth
  • Interests:ermmmmm gettin drunk, havin a laff, and screwin up my skool computers :D

Posted 29 December 2005 - 03:16 PM

Advisories: F-Secure Article | Sunbelt Article | Security Focus Article
View: Full Article
News source: BBC News | Technology

#2 User is offline   Ely 

  • Member
  • Group: Members
  • Posts: 311
  • Joined: 04-September 02

Posted 29 December 2005 - 04:26 PM

There's currently a momentary fix while Microsoft puts out a patch:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.


Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

And here's Microsoft's official statement:

http://www.microsoft...ory/912840.mspx
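One way to confirm on a given machine that the workaround in the post above took effect, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and that unregistering removes the DLL's `InprocServer32` entries under `HKEY_CLASSES_ROOT\CLSID`; `Get-ShimgvwRegistration` is a hypothetical helper name.

```powershell
# Added example (not from the thread): report whether any COM class is still
# served by shimgvw.dll, i.e. whether the unregister workaround is in effect.
# Assumption: unregistering removes the DLL's InprocServer32 entries under
# HKEY_CLASSES_ROOT\CLSID. Get-ShimgvwRegistration is a hypothetical name.
function Get-ShimgvwRegistration {
    param([string]$DllName = 'shimgvw.dll')

    $root = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey('CLSID')
    if ($null -eq $root) { return }
    try {
        foreach ($clsid in $root.GetSubKeyNames()) {
            try {
                $srv = $root.OpenSubKey("$clsid\InprocServer32")
            } catch {
                continue   # key not readable with current rights; skip it
            }
            if ($null -eq $srv) { continue }
            try {
                # Default value, unexpanded, so %SystemRoot%-style paths match too
                $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
                $path = $srv.GetValue('', $null, $opt)
                if ($path -and ([string]$path -like "*$DllName*")) {
                    [pscustomobject]@{ Clsid = $clsid; Server = [string]$path }
                }
            } finally {
                $srv.Close()
            }
        }
    } finally {
        $root.Close()
    }
}

$found = @(Get-ShimgvwRegistration)
if ($found.Count -eq 0) {
    Write-Output 'shimgvw.dll is not registered: workaround in effect.'
} else {
    Write-Output "shimgvw.dll still backs $($found.Count) COM class(es): workaround not in effect."
    $found | Format-Table -AutoSize
}
```

Run it again after re-registering the DLL to confirm the undo step; on 64-bit Windows the 32-bit and 64-bit registry views are separate, so check from both a 32-bit and a 64-bit PowerShell host.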

#3 User is offline   Singh400 

Posted 29 December 2005 - 10:45 PM

@Ely, Thanks for the heads up on the fix.

#4 User is offline   madTaMsKi 

  • tehmad1
  • Group: Retired Crew
  • Posts: 6076
  • Joined: 04-September 02
  • Gender:Male
  • Location:Glasgow, Scotland
  • Interests:Burdz!

Posted 30 December 2005 - 12:59 AM

Another impact of this de-registration process is that image thumbnails/explorer previews will no longer be displayed....

It's a bit of a pain in the ass, as I like these features, and to not have use of the Windows Picture and Fax Viewer is crap too! :(

Hopefully MS will close this hole soon <_<

#5 User is offline   Jizzylax 

  • It's Butters!
  • Group: Members
  • Posts: 6847
  • Joined: 25-October 02
  • Gender:Male
  • Location:C-Bus, Ohio

Posted 30 December 2005 - 02:20 AM

WOW, I feel so insecure! If I just so happen to go to one of these few websites out of the billions of websites to choose from on the internet, I guess I'd be screwed! Oh, but what are the odds of that? Not very great. MEH.

#6 User is offline   Ely 

Posted 30 December 2005 - 02:47 AM

madTaMsKi, on Dec 29 2005, 23:59, said:

Another impact of this de-registration process is that image thumbnails/explorer previews will no longer be displayed....

It's a bit of a pain in the ass, as I like these features, and to not have use of the Windows Picture and Fax Viewer is crap too! :(

Hopefully MS will close this hole soon <_<


Well, you can still use Windows Picture & Fax Viewer with no problem and you can continue to see all types of graphic files except for WMF types. Yeah, the thumbnails are a side effect, but hey, it's not really a big deal, and you can always instantly turn the feature ON or OFF. It's not like once you do it you cannot reverse it or have to reboot or something; it takes a second to register then de-register the .dll. That's much better than risking being infected. To give you an idea, you could get infected right here on this board if some bad person decides to embed an infected graphic in their post. So watch out!
Unregistering the DLL is not a big deal.

#7 User is offline   madTaMsKi 

Posted 30 December 2005 - 09:45 AM

@Ely, strange the Windows Picture and Fax viewer stopped working for me when I ran the above command :huh:

#8 User is offline   Quactaur 

  • Harder, Better, Faster, Stronger
  • Group: Members
  • Posts: 1457
  • Joined: 02-June 04
  • Location:United Kingdom of Great Britain and Ireland

Posted 30 December 2005 - 11:52 AM

@MadTamski: same for me, too.

I'm using IrfanView now, but it's not as good as Win Pic/Fax for just flicking through images quickly.

#9 User is offline   Ely 

Posted 30 December 2005 - 04:02 PM

My bad, sorry guys, it does indeed disable Windows Picture & Fax Viewer. You can then use IrfanView while this thing is fixed, or you simply register/de-register the .dll whenever you need to browse through pictures or faxes. Sorry for the misleading information, guys.

#10 User is offline   XP_2600 

  • Version 5.1
  • Group: Members
  • Posts: 3288
  • Joined: 09-September 02

Posted 01 January 2006 - 10:08 AM

Well, I don't mind stopping using Windows Picture and Fax Viewer, I used to use ACDSee a long time ago, but I don't agree with disabling thumbnail view; you lose one of the old important features in any OS. I just wonder how the exploit works. Is it related to the way Windows handles and shows images using shimgvw.dll? So how about other browsers, for example, do they use the same DLL? Anyway, how about the patch, is it out yet?

#11 User is offline   Singh400 

Posted 01 January 2006 - 09:25 PM

This is now classified as an extremely critical flaw. There is a new WMF exploit, MUCH worse than the one discovered on the 28th Dec.

I would advise that everyone read the following links, and visit them regularly to keep themselves updated.

http://isc.sans.org/...rss&storyid=996
http://www.f-secure.com/weblog/
http://www.microsoft...ory/912840.mspx
http://www.hexblog.c...2/wmf_vuln.html (unofficial patch)

Recommended action: disable Windows Picture and Fax Viewer (link), and apply the unofficial patch.

#12 User is offline   Oleg 

  • n00b
  • Group: Members
  • Posts: 10
  • Joined: 27-December 05

Posted 01 January 2006 - 11:41 PM

Here is the hotfix: http://sunbeltblog.b...guilfanovs.html

#13 User is offline   Singh400 

Posted 01 January 2006 - 11:48 PM

@Oleg: Thanks for the heads up.

#14 User is offline   Oleg 

Posted 02 January 2006 - 05:16 AM

Here is a link to the WMF vulnerability checker: http://sunbeltblog.b...ty-checker.html

#15 User is offline   JDC 

  • jcbeyond
  • Group: Members
  • Posts: 84
  • Joined: 05-September 02

Posted 04 January 2006 - 02:31 AM

Hey people, check out my link and the comments on Neowin.

http://www.neowin.ne...1#comment429164

This post has been edited by JDC: 04 January 2006 - 07:20 PM
