The Digital Rag
Real World Information in a Virtual World
Sign Up!
Login Welcome to The Digital Rag
Tuesday, February 07 2012 @ 01:33 PM PST

Microsoft issues a patch early and more problems with the WMF facility mean it may not help

Monday, January 09 2006 @ 11:53 AM PST

Contributed by: Richard Pitt

Newsletter PostingsInternet Storm Center is now noting that the WMF vulnerability is not limited to a single procedure in the Graphics Rendering Engine - there are at least two more that can cause denial of service attacks (restart the browser for example) Their suggestion is that the shimgvw.dll program be left unregistered (or again unregistered) but for now there is no code "in the wild" that takes advantage of these two other vulnerabilities (design flaws).

I also note that those of us who are running Internet Explorer under WINE (Windows Emulator) on top of Linux either native or via CodeWeavers' Crossover facility are also vulnerable. I'm not sure at this point what actions need to be taken - will keep you informed as I find out.
The following is info on the official patch and how to uninstall the unofficial one and re-register the DLL.

I've held off telling you to go to the Microsoft site to get their official patch until I knew it was up on their normal update site which it now is at: http://v4.windowsupdate.microsoft.com/en/default.asp

and the actual patch is at: http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

From ISC's posting at: http://isc.sans.org/diary.php?rss&storyid=1019

If you have installed any of the earlier patches or workarounds, here is our recommendation for updating:

1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
3. Reboot
4. Uninstall the unofficial patch, by using one of these methods:
a. Add/Remove Programs on single systems. Look for "Windows WMF Metafile Vulnerability HotFix"
b. or at a command prompt:
"C:Program FilesWindowsMetafileFixunins000.exe" /SILENT
c. or, if you used msi to install the patch on multiple machines you can uninstall it with this:
msiexec.exe /X /qn
5. Re-register the .dll if you previously unregistered it (use the same command but without the "-u"):
regsvr32 %windir%system32shimgvw.dll
6. Optionally, reboot one more time just for good measure (not required, but doesn't hurt)

Story Options

Trackback

Trackback URL for this entry: http://digital-rag.com/trackback.php/20060109115321925

No trackback comments for this entry.

0 comments

What's New

Stories

No new stories

Comments last 2 days

No new comments

Trackbacks last 2 days

No new trackbacks

Older Stories

Thursday 15-Sep


Saturday 10-Sep


Tuesday 30-Aug


Saturday 20-Aug


Thursday 18-Aug


Sunday 14-Aug


Thursday 04-Aug


Tuesday 02-Aug

?

Ads by Clickochet

G+ Public Posts

There was a problem reading this feed (see error.log for details).
?

G+

?

Facebook Page

RSS Feed

Richard's Digital Rag

Poll

How do you like to find out news about the internet and computers?

  •  Newspaper
  •  Radio
  •  TV
  •  Web Search
  •  Favourite Web Site(s)
  •  Pod Cast
  •  Video Online
  •  Email List(s)
  •  RSS - Syndication
  •  Word of mouth
This poll has 0 more questions.
Results
Other polls | 28 votes | 0 comments