[THIN] Re: Alert: Zero day exploit...I suggest you do this wo rkaround if you have a Windows 2003 server!

We got hit by this thing... luckily, I had Spybot's SD Resident installed
and it caught the registry RUN update.  I then booted the machine in SAFE
mode and deleted the EXE it was trying to run.

.
.
.
----------------------------------------------------------------------------
--------------
Melvin Columna
Kraft Foods/GDC - Application Management
eMail: Melvin<.>Columna<@>Kraft.com  {remove the < and > characters}
----------------------------------------------------------------------------
--------------


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Matthew Shrewsbury
Sent: Friday, December 30, 2005 9:36 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this
workaround if you have a Windows 2003 server!



Out Citrix servers are Win2K so I think we are ok. However we have a lot of
fat XP clients I'm working on.

 

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+

Senior Network Administrator

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jim Kenzig http://ThinHelp.com
Sent: Friday, December 30, 2005 9:32 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this
workaround if you have a Windows 2003 server!

 

That's what I'm here for. : )  Hope the list is quiet because everyone is
busily patching their servers with the workaround and not Out of the office.


Jim

----- Original Message ----
From: Matthew Shrewsbury <
To: thin@xxxxxxxxxxxxx
Sent: Friday, December 30, 2005 9:27:10 AM
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this
workaround if you have a Windows 2003 server!

Thanks for the info!

 

Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+

Senior Network Administrator

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jim Kenzig http://ThinHelp.com
Sent: Friday, December 30, 2005 8:53 AM
To: windows2000@xxxxxxxxxxxxx; thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Alert: Zero day exploit...I suggest you do this
workaround if you have a Windows 2003 server!

 

More on this from Larry Seltzer...

http://www.eweek.com/article2/0,1895,1906513,00.asp
<http://www.eweek.com/article2/0,1895,1906513,00.asp> 

 



----- Original Message ----
From: Jim Kenzig http://ThinHelp.com <
To: windows2000@xxxxxxxxxxxxx; thin@xxxxxxxxxxxxx
Sent: Friday, December 30, 2005 8:20:39 AM
Subject: Re: Alert: Zero day exploit...I suggest you do this workaround if
you have a Windows 2003 server!

Microsoft's security advisory out on this attack:

http://www.microsoft.com/technet/security/advisory/912840.mspx
<http://www.microsoft.com/technet/security/advisory/912840.mspx> 

JK

----- Original Message ----
From: Jim Kenzig http://ThinHelp.com
To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx
Sent: Thursday, December 29, 2005 5:43:06 PM
Subject: [windows2000] Alert: Zero day exploit...I suggest you do this
workaround if you have a Windows 2003 server!

See

http://www.eweek.com/article2/0,1895,1906210,00.asp
<http://www.eweek.com/article2/0,1895,1906210,00.asp> 

 

The workaround is:

A workaround called REGSVR32 has been posted and was included in Microsoft's
advisory. The workaround is as follows, as quoted from the advisory: 

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) 

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK. 

2. A dialog box appears to confirm that the un-registration process has
succeeded. 

*  Click OK to close the dialog box. 

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be
started when users click on a link to an image type that is associated with
the Windows Picture and Fax Viewer. 

 

Jim Kenzig

http://thinhelp.com <http://thinhelp.com/>

Other related posts: