[pchelpers] Re: News: unpatched very serious Windows flaw

http://myitforum.com/blog/hwaldron/archive/2005/12/29/17911.aspx
Current recommendations for Malicious WMF Exploits in-the-wild

1. Keep your Anti-Virus and Anti-Spyware software as up-to-date as 
possible.  McAfee users should install DAT 4661 or higher now.
2. Stay away from any questionable sites and do not open WMF files or 
links in any environment (e.g., IM, email, web surfing, explorer, etc.).
3. Filter and block WMF files in email or content filtering systems.
4. Don't rely just on the WMF extension as Windows metadata processing 
can process a disguised and renamed extension.  For example, the 
extension of a WMF file might be renamed to GIF and when Windows tries to 
open it, it may recognize that it's a WMF file originally and try to 
open it that way.
5. As an extra safety precaution, you can turn off the vulnerable DLL. 
The Full Disclosure workaround has a downloadable *.REG file that allows 
toggling shimgvw.dll on and off.  Another option might be to turn off 
the shimgvw.dll service completely, which will result in a minor loss of 
functionality.  Turning off this DLL will impact thumbnail previews in 
Windows Explorer and Windows Fax & Picture viewer, as both will no 
longer work.  Still, you can restore this service later after better 
protective solutions emerge.

>>> Firefox and Opera users and people not using Outlook Express are safe as 
>>> long as they don't download any pictures from any except trusted sites.

What I meant to say was Firefox and Opera users and people not using 
Outlook Express are safe as long as they don't open or download any 
pictures from any untrustworthy sites.

>>> Internet Explorer and Outlook Express users are infected automatically 
>>> by just opening up an infected site or having an infected email first in 
>>> the Inbox, even with the preview pane turned off.

And if you have Google Desktop installed, you will be infected by a 
downloaded infected file even if you don't open it and even if it is 
disguised with a different extension.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
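
Recommendations 3 and 4 above imply that a mail or content filter has to match on file content, not only on the file name. The following is an added example, not part of the original post or the linked blog: it flags WMF data by its header bytes, and the function names and sample inputs are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7       # Aldus placeable-metafile key (bytes D7 CD C6 9A on disk)
WMF_EXTENSIONS = {".wmf"}

def looks_like_wmf(data: bytes) -> bool:
    """Identify WMF content from its header, ignoring the file name."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 18:           # standard METAHEADER is 18 bytes
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 (memory) or 2 (disk), header size 9 words, version 0x0100 or 0x0300
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def screen_attachment(name: str, data: bytes) -> tuple[str, str]:
    """Return (action, reason) for a mail or web content filter."""
    ext = os.path.splitext(name)[1].lower()
    if looks_like_wmf(data):
        if ext in WMF_EXTENSIONS:
            return "block", "WMF file"
        return "block", f"WMF content disguised as {ext or 'no extension'}"
    if ext in WMF_EXTENSIONS:
        return "block", "WMF extension"   # recommendation 3: block by name as well
    return "allow", "no WMF header"

# Constructed sample inputs (headers only, no drawing records).
STD_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
PLACEABLE_WMF = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0) + STD_WMF
REAL_GIF = b"GIF89a" + bytes(20)

if __name__ == "__main__":
    for name, data in [("logo.wmf", STD_WMF), ("photo.gif", STD_WMF),
                       ("card.jpg", PLACEABLE_WMF), ("photo2.gif", REAL_GIF)]:
        print(name, screen_attachment(name, data))
```

A header match only identifies the file type; it does not tell a benign WMF from a malicious one, so the filter blocks all of them as recommendation 3 advises.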
